6716 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In the ice function, there was a issue where the untrusted value of pktlen was used in icevcfdirparseRaw. This vulnerability was fixed by checking that the value of pktlen does not exceed the VIRTCHNLMAXSIZERAWPACKET value...
Astra Linux - уязвимость в tinyxml
In the TiXmlDeclaration::Parse method in tinyxmlparser.cpp within TinyXML, up to version 2.6.2, there is a potentially exploitable assertion which can lead to application exit. This issue occurs when a malicious XML document is used, where a null character \0 is placed after a whitespace...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fixed an error in handling chameleonparsegdd If mcbdeviceregister returns an error in chameleonparsegdd, the reference count of the bus and device names is exposed. This issue is addressed by calling putdevice to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup of partially initialized sync objects occurs during parse failures. The function xesyncentryparse can allocate references such as syncobjs, fences, chain fences, or user fences before encountering subsequent...
Astra Linux - уязвимость в python-django, python2.7
Packages containing “python/cpython” from versions 0 and earlier, including 3.6.13, 3.7.0 and earlier than 3.7.10, 3.8.0 and earlier than 3.8.8, 3.9.0 and earlier than 3.9.2, are vulnerable to Web Cache Poisoning via “urllib.parse.parseqsl” and “urllib.parse.parseqs”. This vulnerability occurs du...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fixed the memory leak in pathlist. Clang static analysis reports this error. sandboxer.c:134:8: Warning: Potential memory leak pointed to by ‘pathlist’. ret = 0; ^ pathlist is allocated in parsepath, but never...
Astra Linux - уязвимость в htmldoc
A flaw was discovered in htmldoc in v1.9.12 and earlier versions. A stack buffer overflow in the parsetable function in ps-pdf.cxx may allow for the execution of arbitrary code and cause a denial of service attack...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ath10k: Error handling in ath10ksetupmsaresources has been fixed. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after that operation. This function only call...
Astra Linux - уязвимость в ffmpeg5, ffmpeg
FFmpeg n6.1.1 has an integer overflow vulnerability. The vulnerability resides in the parseoptions function in the sbgdec.c file, within the libavformat module. When parsing certain options, the software does not properly validate the input. This allows negative duration values to be accepted...
Astra Linux - уязвимость в gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...
Astra Linux - уязвимость в ncurses
A buffer overflow vulnerability exists in the postprocessterminfo function in tinfo/parseentry.c:997 within ncurses 6.1. This vulnerability allows remote attackers to cause a denial of service by using crafted commands...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed potential OOBs in smb2ParseContexts Validated offsets and lengths before dereferencing and creating contexts in smb2ParseContexts. This fixes the following OOPs when accessing invalid create contexts from th...
Astra Linux - уязвимость в libsoup2.4
A flaw was discovered in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: HID: usbhid: Eliminated a recurring out-of-bounds error in usbhidparse. Updated the struct hiddescriptor to better reflect the mandatory and optional parts of the HID descriptor according to the USB HID 1.11 specification. Not...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed an out-of-bounds access in parseintegerlimit. When configuring osnoisecpus using the write system call, the following KASAN exception may occur: BUG: KASAN: Out-of-bounds access in...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: A potential dereference issue with RCU resources has been fixed in the wilcparsejoinbssparam function. In the wilcparsejoinbssparam function, the TSF field of the ies structure is accessed after the RCU read-side...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: Fixed the error code msmParseDeeps. The SUBMITERROR macro converts the error code to a negative value. This additional '-' operation reverts it back to a positive EINVAL. The error code is passed to ERRPTR; since...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify the content returned by parseintarray. The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 will result in a null-ptr-deref error...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: i2c: hi846: A memory leak has been fixed in hi846parsedt. If any of the checks related to the supported link frequencies fail, then the V4L2 fwnode resources do not get released before returning, resulting in a memory leak...
Astra Linux - уязвимость в netcdf
A issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling during the parsing of crafted XML files out-of-bounds read after a certain strcspn failure...