CVE-2026-32706

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...

CVE-2026-32706 PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...

CVE-2026-32706

PX4 autopilot's crsf_rc parser contains a global 64-byte buffer overflow when processing an oversized variable-length known packet prior to 1.17.0-rc2. An adjacent/raw-serial attacker on a CRSF port could trigger memory corruption and crash PX4. Fixed in 1.17.0-rc2. CVSS v3.1 base score 7.1 (High...

CVE-2026-32706 PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...

CVE-2025-62404

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue...

CVE-2025-58455

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue...

PT-2026-5922

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX53 versions 1.0 through 1.3.1 Build 20241120 Description A heap-based buffer overflow exists in the tmpserver modules of the TP-Link Archer AX53. An authenticated, adjacent attacker can trigger a segmentation fault or...

EUVD-2017-15486

Malware in sbrugna...

CVE-2021-38111

The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI Near Field Magnetic Induction protocol...

CVE-2021-35093

Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore...

PT-2025-1405 · Unknown · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4 Description: The issue concerns an assertion in Open5GS MME that can be remotely triggered via a sufficiently large ASN.1 packet sent over the S1AP interface. An attacker can repeatedly send such oversized...

CVE-2023-37032

A Stack-based buffer overflow in the Mobile Management Entity MME of Magma versions = 1.8.0 fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486 allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an oversized Emergency Number Lis...

ARM Mbed OS 安全漏洞

ARM Mbed OS is a suite of open source embedded operating systems dedicated to the Internet of Things from ARM UK. A security vulnerability exists in ARM Mbed OS version 6.16.0, which originates from a buffer overflow triggered by a function that will continue to write to a temporary header buffer...

CVE-2024-35901

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix Rx DMA datasize and skboverpanic managetrxbufcfg aligns the RX buffer's DMA datasize to be multiple of 64. So a packet slightly bigger than mtu+14, say 1536, can be received and cause skboverpanic. Sample dmesg:...

CVE-2023-50784

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet if a websocket port is open. Remote code execution might be possible on some uncommon, older platforms...

Buffer overflow

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet if a websocket port is open. Remote code execution might be possible on some uncommon, older platforms...

CVE-2023-50784

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet if a websocket port is open. Remote code execution might be possible on some uncommon, older platforms...

kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2021-31609

The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet...