166 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed an oops due to the absence of the prealloc backlog struct. If an AFRXRPC service socket is opened and bound, but the calls are pre-allocated, then rxrpcallocincomingcall will cause an oops because the rxrpcbacklog...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: udf: Fixed the issue of discarding data before allocation at the indirect extent boundary. When the preallocation extent is the first one in the extent block, the code would corrupt the extent tree header instead. This issue has...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a traversal bug in ext4mbusepreallocated. During allocation, when searching for pre-allocations PA in the per-inode rbtree, we cannot perform a direct traversal of the tree. This is because...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed the issue of resolving backrefs for inline extents followed by prealloc extents. If a file consists of an inline extent followed by a regular or prealloc extent, then a legitimate attempt to resolve a logical...
CVE-2026-44500
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...
CVE-2026-44500 ZEBRA: Allocation Amplification in Inbound Network Deserializers
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...
CVE-2026-44500
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...
CVE-2026-44500
ZCV-64500: Allocation amplification in Zebra inbound deserializers affects Zebra nodes prior to 4.4.0 across zebrad, zebra-chain, and zebra-network. Inbound messages (headers, blocks, transactions) could be deserialized using generic transport or block-size ceilings, causing unauthenticated/post-...
zebra 安全漏洞
Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from excessive buffer sizes allocated for multiple inbound deserialization paths, which could allow attackers t...
GHSA-438Q-JX8F-CCCV Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers
CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the...
EUVD-2026-24776
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smbgrantoplock smbgrantoplock has two issues in the oplock publication sequence: 1 opinfo is linked into ci-moplist via opinfoadd before addleasegloballist is called. If...
PT-2026-34349
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The smb grant oplock function in ksmbd contains two issues. First, a use-after-free occurs when opinfo is linked into ci-m op list before add lease global list is called; if the latter...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013141)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013141 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AFRXRPC to provide a server, it...
CVE-2026-35480
go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...
GHSA-CCX3-FW7Q-RR2R OpenClaw: Multiple Code Paths Missing Base64 Pre-Allocation Size Checks
Impact Multiple Code Paths Missing Base64 Pre-Allocation Size Checks. Several base64 decode paths could allocate before enforcing decoded-size limits. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service...
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing pre-allocation size checks in the base64 decoding process. An attacker can cause excessive memory allocation by providi...
CVE-2026-35480
go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...
CVE-2026-35480
CVE-2026-35480 affects the go-ipld-prime project, specifically the DAG-CBOR decoder. Prior to version 0.22.0, the decoder uses collection size hints from CBOR headers as preallocation hints for maps and lists without capping them or accounting for their cost in its allocation budget. This can lea...
CVE-2026-35480 go-ipld-prime's DAG-CBOR decoder unbounded memory allocation from CBOR headers
go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...