Astra Linux - уязвимость в libsoup2.4

A flaw was discovered in libsoup. It is vulnerable to memory leaks in the soupheaderparsequalitylist function when parsing a quality list that contains elements with all zeros...

Astra Linux - уязвимость в pypy

Python versions 2.7.x through 2.7.16, and 3.x through 3.7.2 are affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure—credentials, cookies, etc., that are cached against a given hostname. The affected components...

Astra Linux - уязвимость в golang-golang-x-text

In Go 1.15.4, a "index out of range" panic occurs in the language.ParseAcceptLanguage function during the parsing of the -u- extension. The language.ParseAcceptLanguage function is supposed to be able to parse an HTTP Accept-Language header...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Do not use freedevicenode in graphutilParsedai. The commit 419d1918105e states that “ASoC: simple-card-utils: Use freedevicenode for devicenode”. However, freedevicenode should be used for dlc-ofnode, but...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...

Astra Linux - уязвимость в htmldoc

HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node...

Astra Linux - уязвимость в hdf5

A SIGFPE signal is raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207...

Astra Linux - уязвимость в golang-golang-x-net, containerd-app

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to a Denial-of-Service DoS attack if an attacker provides specially crafted HTML content...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parseserverinterfaces see below: BUG: KASAN: slab-out-of-bounds in...

Astra Linux - уязвимость в golang-1.19

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

Astra Linux - уязвимость в golang-1.19

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: A memory leak in the smb3fscontextParseParam error path has been fixed. Proper cleanup of ctx-source and fc-source was added to the cifsParseMountErr error handler. This ensures that the memory allocated for the source...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fix memory leak in pinconfgenericparsedtconfig In pinconfgenericparsedtconfig, if parsedtcfg fails, it returns directly. This bypasses the cleanup logic and results in a memory leak of the cfg buffer. Fi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ceph parselongname: strrchr expects a NUL-terminated string. … And parselongname does not guarantee this. That’s why it uses kmemdupnul to create a NUL-terminated copy of the string for kstrtou64; The problem is that kstrtou64...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrsacpihid command-line parameter The 'acpiid' buffer in the parseivrsacpihid function may overflow, because the string specifier in the format string sscanf has no width limitation...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: pinctrl: rockchip: Fixed the refcount leak in rockchippinctrlparsegroups. The function offindnodebyphandle returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer necessary. Add th...

Astra Linux - уязвимость в ruby2.5

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleonparsegdd In chameleonparsegdd, if mcbdeviceregister fails, 'mdev' would be released in mcbdeviceregister via putdevice. Thus, goto 'err' label and free 'mdev' again causes a double free. Jus...

Astra Linux - уязвимость в gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemuxparsesamples within qtdemux.c. This issue arises when the function qtdemuxparsesamples reads data beyond the boundaries of the stream-stco buffer. The following code...

Astra Linux - уязвимость в golang-1.19

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...