21 matches found
CVE-2026-44892 Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...
PT-2026-47603
Name of the Vulnerable Software and Affected Versions Netty affected versions not specified Description The default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec does not enforce a maximum header size limit. When a peer does not specify HTTP3 SETTINGS MAX FIELD SECTION SIZ...
Astra Linux – Vulnerability in binutils
The loadspecificdebugsection function in objdump.c within GNU Binutils, as of version 2.31.1, contains an integer overflow vulnerability that can trigger a heap-based buffer overflow if a crafted section size is used...
gdb: Fix of CVE-2019-1010180
CVE-2019-1010180: add warning for corrupt ELF section size larger than file...
CLSA-2026-1777446434 gdb: Fix of CVE-2019-1010180
CVE-2019-1010180: add warning for corrupt ELF section size larger than file...
CLSA-2026-1777308938 gdb: Fix of CVE-2019-1010180
CVE-2019-1010180: add warning for corrupt ELF section size larger than file...
CLSA-2026-1776693427 Fix CVE(s): CVE-2019-1010180
SECURITY UPDATE: buffer overflow when ELF section size is invalid - debian/patches/CVE-2019-1010180.patch: reject ELF sections whose recorded size exceeds the file size - CVE-2019-1010180...
CLSA-2025-1764771100 Fix CVE(s): CVE-2019-1010180
SECURITY UPDATE: Buffer overflow when ELF section size is invalid - debian/patches/CVE-2019-1010180.patch: Skip processing invalid ELF sections - CVE-2019-1010180...
CVE-2024-57945
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as: struct page VMEMMAPSTART - physrambase PAGESHIFT. And the struct page's va can be calculated with ...
CVE-2024-57945 riscv: mm: Fix the out of bound issue of vmemmap address
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as: struct page VMEMMAPSTART - physrambase PAGESHIFT. And the struct page's va can be calculated with ...
SUSE: Security Advisory (SUSE-SU-2024:1462-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2018-20671
loadspecificdebugsection in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...
CentOS 8 : binutils (CESA-2021:4364)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4364 advisory. - binutils: Race window allows users to own arbitrary files CVE-2021-20197 - binutils: Heap-based buffer overflow in bfdgetlsigned32 in libbfd.c becaus...
Moderate: binutils security update
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: Excessive debug...
CLSA-2021-1635459149 Fix CVE(s): CVE-2021-3487
SECURITY UPDATE: - CVE-2021-3487.patch: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c readsection. - CVE-2021-3487...
DEBIAN-CVE-2018-20671
loadspecificdebugsection in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...
CVE-2018-20671
loadspecificdebugsection in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...
CVE-2017-13757
The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to elfi386getsyntheticsymtab...
openSUSE Security Update : gstreamer-plugins-bad (openSUSE-2017-63)
This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes : - Check an integer overflow CVE-2016-9445 and initialize a buffer CVE-2016-9446 in vmncdec. bsc1010829 - CVE-2016-980...
SUSE-SU-2016:3296-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes: - Check an integer overflow CVE-2016-9445 and initialize a buffer CVE-2016-9446 in vmncdec. bsc1010829 - CVE-2016-9809...