6706 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fixed a memory leak in pinconfgenericParseDtconfig In pinconfgenericParseDtconfig, if parseDtCfg fails, it returns directly. This bypasses the cleanup logic, resulting in a memory leak of theCfg buffer...
Astra Linux - уязвимость в golang-1.19
Calling any of the Parse functions in Go source code that contains //line directives with very large line numbers can lead to an infinite loop due to integer overflow...
Astra Linux - уязвимость в libass
A stack overflow occurred in the parsetag function in libass/assparse.c in libass before version 0.15.0. This vulnerability allows remote attackers to cause a denial of service or remote code execution through a crafted file...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fixed an error in handling chameleonparsegdd If mcbdeviceregister returns an error in chameleonparsegdd, the reference count of the bus and device names is exposed. This issue is addressed by calling putdevice to...
Astra Linux - уязвимость в tinyxml
In the TiXmlDeclaration::Parse method in tinyxmlparser.cpp within TinyXML, up to version 2.6.2, there is a potentially exploitable assertion which can lead to application exit. This issue occurs when a malicious XML document is used, where a null character \0 is placed after a whitespace...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup of partially initialized sync objects occurs during parse failures. The function xesyncentryparse can allocate references such as syncobjs, fences, chain fences, or user fences before encountering subsequent...
Astra Linux - уязвимость в python-django, python2.7
Packages containing “python/cpython” from versions 0 and earlier, including 3.6.13, 3.7.0 and earlier than 3.7.10, 3.8.0 and earlier than 3.8.8, 3.9.0 and earlier than 3.9.2, are vulnerable to Web Cache Poisoning via “urllib.parse.parseqsl” and “urllib.parse.parseqs”. This vulnerability occurs du...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fixed the null-ptr-deref issue in hugetlbfsParseParam Syzkaller reported a null-ptr-deref bug as follows: ====================================================== KASAN: null-ptr-deref in range...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In the ice function, there was a issue where the untrusted value of pktlen was used in icevcfdirparseRaw. This vulnerability was fixed by checking that the value of pktlen does not exceed the VIRTCHNLMAXSIZERAWPACKET value...
Astra Linux - уязвимость в htmldoc
A flaw was discovered in htmldoc in v1.9.12 and earlier versions. A stack buffer overflow in the parsetable function in ps-pdf.cxx may allow for the execution of arbitrary code and cause a denial of service attack...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed an out-of-bounds access in parseintegerlimit. When configuring osnoisecpus using the write system call, the following KASAN exception may occur: BUG: KASAN: Out-of-bounds access in...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed potential OOBs in smb2ParseContexts Validated offsets and lengths before dereferencing and creating contexts in smb2ParseContexts. This fixes the following OOPs when accessing invalid create contexts from th...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: A potential dereference issue with RCU resources has been fixed in the wilcparsejoinbssparam function. In the wilcparsejoinbssparam function, the TSF field of the ies structure is accessed after the RCU read-side...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fixed the memory leak in pathlist. Clang static analysis reports this error. sandboxer.c:134:8: Warning: Potential memory leak pointed to by ‘pathlist’. ret = 0; ^ pathlist is allocated in parsepath, but never...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ath10k: Error handling in ath10ksetupmsaresources has been fixed. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after that operation. This function only call...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: HID: usbhid: Eliminated a recurring out-of-bounds error in usbhidparse. Updated the struct hiddescriptor to better reflect the mandatory and optional parts of the HID descriptor according to the USB HID 1.11 specification. Not...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A out-of-bounds error in parsesecdesc has been fixed. If osidoffset, gsidoffset, and dacloffset can be greater than smbntsdstruct.size. If they are smaller, it may lead to an out-of-bounds situation. Additionally, when...
Astra Linux - уязвимость в ffmpeg5, ffmpeg
FFmpeg n6.1.1 has an integer overflow vulnerability. The vulnerability resides in the parseoptions function in the sbgdec.c file, within the libavformat module. When parsing certain options, the software does not properly validate the input. This allows negative duration values to be accepted...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: Fixed the error code msmParseDeeps. The SUBMITERROR macro converts the error code to a negative value. This additional '-' operation reverts it back to a positive EINVAL. The error code is passed to ERRPTR; since...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify the content returned by parseintarray. The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 will result in a null-ptr-deref error...