Astra Linux – Vulnerability in gnutls28

A issue was discovered in GnuTLS before version 3.6.15. A server can cause a NULL pointer dereferencing in a TLS 1.3 client if a norenegotiation alert is sent at an unexpected time, resulting in an invalid second handshake. The crash occurs during the application’s error handling process, where t...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fixed the null-pointer dereference in pgtablecacheadd. kasprintf returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure. Ensure that the allocation was successful by checking th...

Astra Linux – Vulnerability in Squid

Squid is a caching proxy for the Web that supports HTTP, HTTPS, FTP, and other protocols. Due to a NULL pointer dereference bug, Squid is vulnerable to Denial of Service attacks targeting its Gopher gateway. The Gopher protocol was always available and enabled in Squid prior to Squid 6.0.1...

Astra Linux – Vulnerability in binutils

There is a flaw in the bfdpefscanstartaddress function of bfd/pef.c in binutils, which could allow an attacker who can submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils...

Astra Linux – Vulnerability in binutils

There is a flaw in binutils /bfd/pef.c. An attacker who can submit a crafted input file for processing by the objdump program could cause a null pointer dereference. The greatest threat of this flaw is to the availability of the application. This flaw affects binutils versions prior to 2.34...

Astra Linux – Vulnerability in binutils

A NULL pointer dereference also known as SEGV at an unknown address 0x000000000000 was discovered in the workstuffcopytofrom function in cplus-dem.c within GNU libiberty, as part of the GNU Binutils 2.30 distribution. This issue can occur during the execution of objdump...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A issue was discovered in the Linux kernel through version 6.1-rc8. The function dpucrtcatomiccheck in the file drivers/gpu/drm/msm/disp/dpu1/dpucrtc.c lacks a check for the return value of kzalloc. This issue may lead to a NULL Pointer Dereference...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A vulnerability has been discovered in the Linux kernel. It has been classified as problematic. The affected function is nilfsbmaplookupatlevel in the file fs/nilfs2/inode.c of the nilfs2 component. Manipulation of this function can lead to a null pointer dereference. The attack can be launched...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A NULL pointer dereference flaw was discovered in the az6027 driver, located in the file drivers/media/usb/dev-usb/az6027.c within the Linux Kernel. The message from the user space is not properly checked before being transferred to the device. This flaw could allow a local user to crash the syst...

Astra Linux – Vulnerability in libarchive

In libarchive before version 3.6.2, the software does not check for an error after calling the calloc function. This function may return a NULL pointer if it fails, resulting in a NULL pointer being dereferenced. NOTE: The developer mentions this as a CWE-476 issue, but third parties dispute its...

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. Prior to versions 6.2.7 and 7.0.0, an attacker who attempted to load a specially crafted Lua script could cause a NULL pointer dereference, resulting in a crash of the redis-server process. This issue was fixed in Redis versions 7.0.0 and...

Astra Linux – Vulnerability in curl

Due to the use of a dangling pointer, libcurl versions 7.29.0 through 7.71.1 can use the wrong connection when sending data...

Astra Linux - уязвимость в linux

A vulnerability was discovered in the Linux kernel, specifically in the spkttyioreceivebuf2 function. This function dereferences the spkttyiosynth variable without checking whether it is NULL or not. This could lead to a NULL-ptr deref crash...

Astra Linux - уязвимость в linux

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/eventsbase.c allows event-channel removal during the event-handling loop a race condition. This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash vi...

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2, where the grubextcmddispatcher function calls grubarglistalloc to allocate memory for the grub’s argument list. However, it does not check in case the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the parseoption function,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the ofmodalias function, we can pass the str and len parameters. This could lead to a kernel oops in vsnprintf, as the function only allows passing a NULL pointer when the length is also 0. Additionally, we need to filter out...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/hsr: A NULL pointer dereference was fixed in prpgetuntaggedframe. prpgetuntaggedframe calls pskbcopy to create frame-skbstd, but does not check whether the allocation fails. If pskbcopy returns NULL, skbclone is called with a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix for accessing an empty array when the phygetinternaldelay function is called, provided that the driver calls phygetinternaldelay without defining delayvalues, and rx-internal-delay-ps or tx-internal-delay-ps is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fixed NULL pointer access in the interrupt handler. The TX buffer in spitransfer can be a NULL pointer. As a result, the interrupt handler may write to invalid memory, causing crashes. Add a check for trans-txbuf...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fixed a NULL dereference when deactivating an inactive aggregate in qfqreset. qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. Th...