1760 matches found
CVE-2026-54902
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, it is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hash_end ca...
CVE-2026-54902
CVE-2026-54902 affects the Ruby gem Oj (Optimized JSON). In SAJ mode prior to 3.17.2, the parser’s key caching can be GC’d while the C parser still references it, causing a Use-After-Free and a segfault when a freed VALUE is accessed. The issue is fixed in version 3.17.2. Exploitation details are...
CVE-2026-47205
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides...
CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when %REQUESTED_SERVER_NAME(X:Y)% is used in the log format and host-related options are specified, like HOST_FIRST, SNI_FIRST, it's possible to crash Envoy when the specified host...
CVE-2026-57437
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...
CVE-2026-57435
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...
CVE-2026-57236
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling `Document#encoding=` with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string without...
CVE-2026-57435 Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...
EUVD-2026-39419
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling `Document#encoding=` with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string without...
PT-2026-52448
Name of the Vulnerable Software and Affected Versions: Nokogiri versions prior to 1.19.4. Description: In the CRuby libxml2 implementation, calling the `Document#encoding=` method with an invalid encoding, such as a non-string or a string containing a null byte, triggers an exception. This process occu...
PT-2026-52450
Name of the Vulnerable Software and Affected Versions: Nokogiri versions prior to 1.19.4. Description: The CRuby native extension of this XML and HTML library can leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code has already accessed an attribut...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fixed a segfault in tcm_loop_tpg_address_show(). If the allocation of tl_hba->sh fails in tcm_loop_driver_probe(), and we attempt to dereference it in tcm_loop_tpg_address_show(), we will encounter a segfault. See below for an...
GHSA-VWM4-62GF-X745 Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
Summary: Oj::Parser in usual mode does not mark array_class and hash_class references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...
Astra Linux – Vulnerability in busybox
The decompress_gunzip.c file in BusyBox contains an issue where version 1.32.1 improperly handles the error bit associated with the huft_build result pointer. This results in an invalid free operation or segmentation fault due to malformed gzip data...
Astra Linux – Vulnerability in Raptor2
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common...
Astra Linux – Vulnerability in gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using LZO decompression. Integer overflow in the Matroskademux element within the LZO decompression function can cause a segfault, or potentially a heap overwrite, depending on the libc and operating system. Depending on the libc used and the...
Astra Linux – Vulnerability in ncurses
ncurses 6.3 before patch 20220416 contains a buffer overflow vulnerability and segmentation violation in the convert_strings function in the tinfo/read_entry.c file of the terminfo library...
Astra Linux – Vulnerability in exiv2
There is a SEGV (segmentation fault) vulnerability in Exiv2::Internal::TiffParserWorker::findPrimaryGroups in the tiffimage_int.cpp file, within Exiv2 0.27-RC3. A crafted input can lead to a remote denial-of-service attack...
Astra Linux – Vulnerability in libxml2
In libxml2 before version 2.10.4, parsing certain invalid XSD schemas can lead to a NULL pointer dereferencing, followed by a segfault. This issue occurs in the xmlSchemaFixupComplexType function in xmlschemas.c...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nubus: The conversion of proc_create_single_data() was partially reverted. The conversion to proc_create_single_data() introduced a regression, where reading a file from /proc/bus/nubus resulted in a segmentation fault: grep -r...