11966 matches found
EUVD-2026-38959
In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: perform a shared-unconfirmed check before segmentation. Ulrich reports a regression with nfqueue: If an application does not set the ‘FGSO’ capability flag, and a gso packet with an unconfirmed nfconn...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: sctp: Linearize cloned GSO packets in sctprcv. The cloned headskb still shares these frag SKBs in the fraglist with the original headskb. Accessing these frag SKBs is not safe. syzbot reported two bugs related to the use of...
Astra Linux – Vulnerability in libde265
strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault due to the component decodercontext::computeframedroptable...
Astra Linux – Vulnerability in taglib
TagLib before version 2.0 allows a segmentation violation and causes the application to crash during tag writing when a crafted WAV file is used, in which the id3 chunk is the only valid chunk...
PT-2026-51985
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the handling of Generic Segmentation Offload GSO packet headers. The qdisc pkt len segs init function fails to properly pull headers into the expected memory location,...
PT-2026-51651
Name of the Vulnerable Software and Affected Versions Hubbell Aclara Metrum affected versions not specified Description The Cellular Web Interface contains a flaw where missing authentication allows unauthenticated attackers to manipulate critical device settings and disrupt operations. This issu...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the Oj::Parser when operating in SAJ mode with object keys of 35 bytes or longer. An attacker can cause a segmentation fault by triggering garbage collection within a callback, leading to use of a freed memory pointer...
GHSA-M578-W5VF-RFCM Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...
Astra Linux – Vulnerability in binutils
A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.32. It is an integer overflow that leads to a segmentation fault in bfddwarf2findnearestline in dwarf2.c, as demonstrated by the nm tool...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Net: Properly handles tunneled traffic when using GSO fallback for IPV6CSUM. NETIFFIPV6CSUM only indicates support for packet checksum offloading without IPv6 extension headers. Packets with extension headers must rely on...
Astra Linux – Vulnerability in binutils
A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.31. An invalid memory address dereference was identified in the readreloc function in reloc.c. This vulnerability causes a segmentation fault and results in the crash of the...
Astra Linux – Vulnerability in cjson
It has been discovered that cJSON v1.7.16 contains a segmentation violation due to the use of the cJSONInsertItemInArray function in the cJSON.c library...
Astra Linux – Vulnerability in TIF format
A segmentation fault flaw was discovered in libtiff, which can be triggered by passing a crafted TIF file to the TIFFReadRGBATileExt API. This flaw allows a remote attacker to cause a heap buffer overflow, resulting in a denial of service...
Astra Linux – Vulnerability in advancecomp
A segmentation fault flaw was detected in the Advancecomp package. This may result in reduced availability...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: Fix NULL pointer in skbsegmentlist. The commit 3a1296a38d0c “net: Support GRO/GSO fraglist chaining” introduced a bug where the GRO was processed using a UDP list. The segmentation of data relies on fraglist not being modifi...
Astra Linux – Vulnerability in Fribidi
A segmentation fault flaw was discovered in the Fribidi package, affecting the fribidiremovebidimarks function in the lib/fribidi.c file. This flaw allows an attacker to submit a specially crafted file to Fribidi, resulting in a crash and causing a denial of service...