Lucene search
+L

16 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-10666

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 5 days ago5 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS6.2AI score0.00346EPSS
Exploits0References3
CVE
CVE
added 5 days ago21 views

CVE-2026-10666

CVE-2026-10666 affects Zephyr’s net_ipaddr_parse() path (IPv4 address-with-port parsing via net_ipaddr_parse() in subsys/net/ip/utils.c). The bug stems from parse_ipv4() copying the port suffix into a fixed 17-byte buffer without validating port length, using a length derived from an unbounded in...

8.1CVSS6.2AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS6.2AI score0.00346EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.14 views

CVE-2026-52986

A flaw was found in the Linux kernel's netfilter SIP Session Initiation Protocol connection tracking module. This vulnerability, caused by unsafe port parsing, allows a remote attacker to send specially crafted malformed packets. Such packets could lead to excessive resource consumption,...

9.8CVSS5.9AI score0.00559EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-52986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport...

9.8CVSS6.2AI score0.00559EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38854

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...

6AI score0.00559EPSS
Exploits0References9
NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-52986

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...

9.8CVSS0.00559EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.34 views

CVE-2026-52986 netfilter: nf_conntrack_sip: don't use simple_strtoul

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...

9.8CVSS0.00559EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:29 p.m.36 views

CVE-2026-52986

The CVE-2026-52986 issue affects the Linux kernel netfilter nf_conntrack_sip module, where unsafe port parsing on non-NUL-terminated data allowed malformed SIP packets to affect conntrack processing. The fix introduces a dedicated sip_parse_port() that validates each digit against the buffer limi...

9.8CVSS6AI score0.00559EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/24 4:29 p.m.2 views

CVE-2026-52986 netfilter: nf_conntrack_sip: don't use simple_strtoul

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...

9.8CVSS6AI score0.00559EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51880

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf conntrack sip module due to unsafe port parsing. The system used the simple strtoul function, which assumes strings are NUL-terminated, on...

9.8CVSS5.8AI score0.00559EPSS
Exploits0References11
NVD
NVD
added 2025/09/15 2:15 p.m.10 views

CVE-2023-53170

In the Linux kernel, the following vulnerability has been resolved: net: dsa: Removed unneeded ofnodeput in felixparseportsnode Remove unnecessary ofnodeput from the continue path to prevent child node from being released twice, which could avoid resource leak or other unexpected issues...

5.5CVSS0.00128EPSS
Exploits0References2
OSV
OSV
added 2024/10/21 1:15 p.m.5 views

DEBIAN-CVE-2024-47751

In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: Fix buffer overflow in kirinpcieparseport Within kirinpcieparseport, the pcie-numslots is compared to pcie-gpioidreset size MAXPCISLOTS which is correct and would lead to an overflow. Thus, fix condition to...

7.8CVSS6.6AI score0.00232EPSS
Exploits0References1
Snyk
Snyk
added 2024/01/03 9:44 p.m.6 views

Integer Overflow or Wraparound

Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the vaporurlparserparse function. An attacker can spoof the host by padding the port number with zeros, causing an integer overflow when the URL...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References2
OSV
OSV
added 2019/07/10 3:15 p.m.6 views

UBUNTU-CVE-2017-7189

main/streams/xpsocket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen'127.0.0.1:80', 443 as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number i.e...

7.5CVSS7.1AI score0.02492EPSS
Exploits0References2
Rows per page
Query Builder