Astra Linux - уязвимость в apache2

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch, especially when an extremely large input buffer is used. Although no code distributed with the server can be forced to make such a call, third-party modules or Lua scripts that us...

CVE-2026-5367

CVE-2026-5367 : A flaw in OVN (Open Virtual Network) allows a remote attacker to trigger an out-of-bounds read in ovn-controller by sending crafted DHCPv6 SOLICIT packets with an inflated Client ID length. This can disclose sensitive heap memory to the attacker’s VM port. Connected sources consis...

kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing

A flaw was found in the Linux kernel's USB core configuration parsing. Specifically, the usbparsessendpointcompanion function incorrectly checks the descriptor type before its length, which can lead to reading data beyond the intended buffer. This out-of-bounds read vulnerability could allow a...

SUSE-SU-2025:20557-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...

SUSE SLES12 Security Update : libssh (SUSE-SU-2025:02755-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02755-1 advisory. - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized...

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management bsc1245311. CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in...

SUSE-SU-2025:02229-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management bsc1245311. - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized variable in...

CLSA-2023-1695752598 httpd: Fix of 4 CVEs

CVE-2022-23943: Fix out-of-bound write in modsed - CVE-2022-22721: Fix integer overflow which resulted in out-of-bounds write - CVE-2022-28615: Fix read beyond bounds in apstrcmpmatch - CVE-2022-31813: Fix possible bypass of IP based authentication...

CVE-2023-25005

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability...

CVE-2022-33884

Parsing a maliciously crafted XB file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

CVE-2022-33881

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

PT-2022-18652 · Autodesk · Designreview.Exe

Name of the Vulnerable Software and Affected Versions: DesignReview.exe affected versions not specified Description: The issue arises when a maliciously crafted TIFF file is consumed through the DesignReview.exe application, causing it to read beyond allocated boundaries while parsing the TIFF...

SUSE-SU-2022:2302-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in modproxyajp bsc1200338 - CVE-2022-28614: Fixed read beyond bounds via aprwrite bsc1200340 - CVE-2022-28615: Fixed read beyond bounds in apstrcmpmatch bsc1200341 - CVE-2022-29404: Fixed denial...

OESA-2022-1718 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to...

CVE-2022-27531

A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

ALPINE-CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

DEBIAN-CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

UBUNTU-CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

Internet Bug Bounty: Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]

Greetings. I have found that aprwrite /server/protocol.c can cause a read beyond bounds with the extra data sent to an attacker. The bug is that aprwrite passes its |int nbyte| argument to bufferoutput, where bufferoutput's corresponding |len| argument isa |aprsizet|. Thus, a negative |nbyte| val...

Internet Bug Bounty: Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]

Greetings. I have found a read-beyond-bounds bug in luawebsocketreadbytes that permits an attacker to exfiltrate a controllable amount of heap data if the victim site runs a suitable LUA program. The bug is due to misuse of apgetbrigade and aprbucketread. The following code from v2.4.53 assumes...