Astra Linux - уязвимость в cjson

In cJSON before version 1.7.18, parsestring has a heap-based buffer over-read issue, occurring through "1":1, without any trailing newline characters when cJSONParseWithLength is called...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: simple-card-utils: Fixed the pointer check in graphutilParseLinkDirectionation. Now, it checks whether the passed pointers are valid before writing to them. This also fixes a USBAN warning: UBSAN: Invalid-load in...

Astra Linux - уязвимость в mariadb-10.3

MariaDB version 10.5.9 allows a sqlparse.cc application to crash due to incorrect expectations regarding usedtables...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fixed the refcount leak in ohcihcdnxpprobe. ofparsephandle returns a node pointer with a refcount incremented; we should use ofnodeput on it when it is no longer needed. Add ofnodeput to avoid the refcount leak...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: bq257xx: Fixed the issue of a reference leak on the device node in bq257xxregdtparsegpio. In bq257xxregdtparsegpio, if it fails to obtain a sub-child node, it returns without calling nodeputchild, resulting in a...

Astra Linux - уязвимость в gst-plugins-base1.0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parselrc function within gstsubparse.c. The parselrc function calls strchr to find the character ‘’ in the string line. The pointer returned by this call ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Prevent an incorrect count for tracingcpumaskwrite. If a large count is provided, it will trigger a warning in bitmapparseuser. Also, check for zero values as well...

Astra Linux - уязвимость в binutils

A out-of-bounds read flaw was discovered in the parsemodule function in bfd/vms-alpha.c in Binutils...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A memory leak was fixed in the parseleasestate function. The previous patch that added a bounds check for the create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without...

Astra Linux - уязвимость в linux-5.10, linux

There is a known vulnerability in the l2capparseconfreq function of the Linux kernel’s net/bluetooth/l2capcore.c file, which can be exploited to remotely leak kernel pointers. We recommend updating to the previous commit:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb/server: Fixed the refcount leak in parsedurablehandlecontext. When the command is a replay operation and -ENOEXEC is returned, the refcount of ksmbdfile must be released...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: - media: v4l2-core: A potential resource leak was fixed in v4l2fwnodeparselink. - If the fwnodegraphgetremoteendpoint function fails, and ‘fwnode’ is set to NULL, then fwnodehandlePUT is a no-op. Instead, release the reference...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ACPICA: fixed cache leaks in “acpiparse” and “parseext” functions ACPICA commit: 8829e70e1360c81e7a5a901b5d4f48330e021ea5 The actual ACPI cache leak points are as follows: 0.360101 ACPI: Added OSIModule Device 0.360101 ACPI:...

Astra Linux - уязвимость в gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability has been fixed in version 1.24.10...

Astra Linux - уязвимость в golang-github-golang-jwt-jwt

golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which contains untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fixed out-of-bounds access during parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to HCIMAXEXTADLENGTH251. The size of the 'value' array in t...

Astra Linux - уязвимость в gst-plugins-base1.0

In GStreamer through 1.26.1, the subparse plugin’s parsesubriptime function may write data beyond the bounds of a stack buffer, resulting in a crash...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ipmi:ipmb: The refcount leak in ipmiipmbprobe has been fixed. ofparsephandle returns a node pointer with a refcount incremented. We should use ofnodeput on it after processing. Add the missing ofnodeput call to avoid the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fixed the null-ptr-deref issue in hugetlbfsParseParam Syzkaller reported a null-ptr-deref bug as follows: ====================================================== KASAN: null-ptr-deref in range...

Astra Linux - уязвимость в libass

A stack overflow occurred in the parsetag function in libass/assparse.c in libass before version 0.15.0. This vulnerability allows remote attackers to cause a denial of service or remote code execution through a crafted file...