30 matches found
CVE-2026-58013
A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...
EUVD-2026-40315
A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...
EUVD-2026-39599
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...
Astra Linux – Vulnerability in c-ares
c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...
SUSE-SU-2026:22061-1 Security update for libsoup
This update for libsoup fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soup_filter_input_stream_read_line (bsc#1257649)...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the RWStlReader::ReadAscii process when buffers returned by StandardReadLineBuffer::ReadLine are not properly length-validated before being used in strncasecmp or accessed directly. An attacker can cause denial of...
CVE-2026-42480
A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr++anOffset without proper...
DEBIAN-CVE-2026-42477
A heap-based out-of-bounds read vulnerability in RWObjReader::read in the OBJ file parser in Open CASCADE Technology OCCT V800rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because...
Open Cascade OCCT Buffer Error Vulnerability
Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from a heap-based out-of-bounds read issue in the RWObjReader::read function in the OBJ file parser, as...
CVE-2026-31797 iccDEV has a heap out-of-bounds read in CTiffImg::ReadLine()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5...
CVE-2026-31797
ICCDev contains a heap out-of-bounds read in CTiffImg::ReadLine() that can occur when iccApplyProfiles processes a crafted TIFF image, leading to memory disclosure or crash. Affected versions are prior to 2.3.1.5; the vulnerability is fixed in 2.3.1.5. The CVSS-based impact is low confidentiality...
CLSA-2025-1756408700 nodejs: Fix of CVE-2024-25629
CVE-2024-25629: prevent reading before buffer start when parsing config files containing an embedded NULL as the first character of a line by discarding such lines in ares__read_line()...
c-ares Vulnerable to Memory Corruption via Out-of-Bounds Read in ‘ares__read_line’ function
c-ares is vulnerable to memory corruption due to improper parsing of local configuration files. This could allow a local attacker with access to such files to cause a denial-of-service (DoS), or potentially leverage to obtain sensitive information from memory...
OESA-2024-2020 c-ares security update
This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as...
OESA-2024-2021 c-ares security update
This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as...
c-ares: Out of bounds read in ares__read_line()
A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character ...