CVE-2026-45865

The CVE affects the Linux kernel mctp i2c subsystem. The issue arises in the i2c event handler read path where reads could return an uninitialised value (stack u8) for i2c-aspeed and i2c-npcm7xx; a fix now sets reads to 0xff. Affected scenario involves mctp-i2c devices and reads such as i2ctransf...

CVE-2026-45865

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...

CVE-2026-45865

mctp i2c: initialise event handler read bytes...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: aqc111: Fixed error handling of usbnet read calls Syzkaller, with the help of syzbot, identified an error in the aqc111 driver. This error was caused by incomplete sanitization of the results of usbnet read calls. Th...

SUSE CVE-2026-43221

In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: initialise event handler read bytes IPMB doesn't use i2c reads, but the handler needs to set a value. Otherwise an i2c read will return an uninitialised value from the bus driver...

EUVD-2026-27783

In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: initialise event handler read bytes IPMB doesn't use i2c reads, but the handler needs to set a value. Otherwise an i2c read will return an uninitialised value from the bus driver...

CVE-2026-43221

CVE-2026-43221 affects Linux kernel IPMI/IPMB: the event handler responsible for IPMB read bytes may fail to initialize reads, causing an I2C read to return an uninitialised value from the bus driver. This is described across multiple advisories (Root-OS-UBUNTU-2404, SUSE, Red Hat) as a patchable...

CVE-2026-33666 Zserio: Integer Overflow in BitStreamReader on 32-bit platforms

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes / readString, the setBitPosition bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes 512 MB fr...

PT-2026-35056

Name of the Vulnerable Software and Affected Versions Zserio versions prior to 2.18.1 Description An issue exists in the readBytes and readString functions within BitStreamReader.h where the setBitPosition bounds check receives an overflowed value and is bypassed. This allows the system to attemp...

Linux Distros Unpatched Vulnerability : CVE-2018-20230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function readbytesinternal in utilities/pspp-dump-sav.c, which allows...

CVE-2023-21163

In PMRReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

UBUNTU-CVE-2023-33717

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes had allocated memory but did not catch exceptions thrown by ReadBytes...

PT-2023-3434 · Mp4V2 · Mp4V2

Name of the Vulnerable Software and Affected Versions: mp4v2 version 2.1.3 Description: The issue is related to a memory leak in the mp4v2 library when a method calling MP4File::ReadBytes allocates memory but does not catch exceptions thrown by ReadBytes. This can lead to a denial of service...

SUSE CVE-2018-20230

An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function readbytesinternal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service application crash or possibly have unspecified other impact...

SUSE CVE-2022-39831

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function readbytesinternal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service application crash or possibly have unspecified other impact. This issue is different from CVE-2018-20230...

DEBIAN-CVE-2022-39831

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function readbytesinternal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service application crash or possibly have unspecified other impact. This issue is different from CVE-2018-20230...

UBUNTU-CVE-2022-39831

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function readbytesinternal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service application crash or possibly have unspecified other impact. This issue is different from CVE-2018-20230...

GNU PSPP 缓冲区错误漏洞

GNU PSPP is an application for data sampling, statistics and analysis. A security vulnerability exists in GNU PSPP version 1.6.2, which stems from a heap-based buffer overflow in the function readbytesinternal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service...

Deserializing an array can drop uninitialized memory on panic

The readbytesdefaultle function for T; n arrays, used to deserialize arrays of T from bytes created a T; n array with std::mem::uninitialized and then called T's deserialization method. If T's deserialization method panicked, the uninitialized memory could drop invalid objects. This flaw was...

PT-2016-3312 · Openssl +4 · Openssl +4

Name of the Vulnerable Software and Affected Versions: OpenSSL version 1.1.0 before 1.1.0a OpenSSL versions 1.1.0 through 1.1.0 excluding 1.1.0a and later Description: The issue is related to the ssl3 read bytes function in record/rec layer s3.c in OpenSSL. It allows remote attackers to cause a...