CVE-2025-9481

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrdPrefix leads to stack-based buffer...

CVE-2025-9481

The CVE-2025-9481 entry concerns Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices. Affected component: the function setIpv6 in /goform/setIpv6. Root cause: manipulation of the tunrd_Prefix argument leads to a stack-based buffer overflow. Impact: remote exploitation is possible (high impa...

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...

PT-2024-40918 · Diesel · Diesel

Name of the Vulnerable Software and Affected Versions: Diesel versions = 2.2.2 Description: The issue concerns a SQL injection vulnerability that can be exploited by encoding a value larger than 4GiB, causing the length prefix in the protocol to overflow. This can lead to the server interpreting...

CVE-2021-32771

Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have...