dnsmasq: Broken ECS source validation bypass

A validation bypass was discovered in dnsmasq's RFC 7871 client subnet ECS handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function.This causes all internal bounds checks to fail, completely...

dnsmasq: Broken ECS source validation bypass

A validation bypass was discovered in dnsmasq's RFC 7871 client subnet ECS handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function.This causes all internal bounds checks to fail, completely...

dnsmasq: extract_addresses() OOB read via malformed rdlen

A heap out-of-bounds read vulnerability was discovered in dnsmasq's DNS response processing. The extractaddresses function trusts the declared record data length rdlen without verifying that a subsequent call to extractname stays within the record boundary. A crafted DNS response with a mismatche...

CVE-2026-5172

A heap out-of-bounds read vulnerability was discovered in dnsmasq's DNS response processing. The extractaddresses function trusts the declared record data length rdlen without verifying that a subsequent call to extractname stays within the record boundary. A crafted DNS response with a mismatche...

USN-8268-1: Dnsmasq vulnerabilities

Andrew S. Fasano, Royce M, and Hugo Martinez Ray discovered that Dnsmasq did not allocate the necessary space to store domain names in some contexts. An attacker could possibly use this issue to write out-of-bounds, and could cause a denial of service or execute arbitrary code. CVE-2026-2291 Royc...

CVE-2026-43171

The CVE-2026-43171 described affects the Linux kernel EFI/CPER component where cper_print_fw_err() does not validate the error-record length against the given offset, allowing an underflow that can cause dumping of large memory regions. Consequences include potential data disclosure and system in...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to check the length of error records in the cperprintfwerr module. This vulnerability...

CVE-2026-27711

CVE-2026-27711 affects NanaZip (open source file archive) through a memory corruption flaw in NanaZip’s UFS parser present in versions prior to 6.0.1638.0 and 6.5.1638.0. A crafted .ufs/.ufs2/.img file can trigger out-of-bounds memory access during archive open/list operations, reachable via norm...

SUSE-SU-2026:0348-1 Security update for bind

This update for bind fixes the following issues: Upgrade to release 9.20.18: - CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records bsc1256997 Feature Changes: Add more information to the rndc recursing output about fetches. Reduce the number of outgoing queries. Provide more...

UBUNTU-CVE-2025-40349

In the Linux kernel, the following vulnerability has been resolved: hfs: validate record offset in hfsplusbmapalloc hfsplusbmapalloc can trigger a crash if a record offset or length is larger than nodesize 15.264282 BUG: KASAN: slab-out-of-bounds in hfsplusbmapalloc+0x887/0x8b0 15.265192 Read of...

EUVD-2013-4013

Malware in sbrugna...

EUVD-2023-0749

Malicious code in bioql PyPI...

SUSE CVE-2025-38428

In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in imspcuflashfirmware The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unverified validity of the reclen field of a directory entry, which could cause the kernel to crash...

Buffer Overflow

librecad:sid is vulnerable to buffer overflow. The vulnerability due to get the Unauthorized access for DBF file. It allow an attacker get access could extract the sensitive information and changes the record length...

SUSE CVE-2008-1950

Integer signedness error in the gnutlsciphertext2compressed function in lib/gnutlscipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service buffer over-read and crash via a certain integer value in the Random field in an encrypted Client Hello message withi...

Buffer overflow

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length,...

UBUNTU-CVE-2015-8733

The ngsnifferprocessrecord function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service...

OracleVM 3.2 : onpenssl (OVMSA-2014-0008)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 ...

Design/Logic Flaw

Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."...