15 matches found
CVE-2026-45250
The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...
CVE-2026-45250
The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...
EUVD-2026-31252
The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...
CVE-2026-45250
The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...
CVE-2026-45250 Stack buffer overflow via setcred(2)
The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...
CVE-2026-45250
CVE-2026-45250 concerns a stack buffer overflow in the FreeBSD kernel arising from setcred(2). The unprivileged user can trigger a copyin into a fixed-size kernel-stack array before validating the number of supplementary groups, causing a stack overflow when the list is large. This allows an unpr...
CVE-2026-45250 Stack buffer overflow via setcred(2)
The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...
Exploit for CVE-2026-45250
FreeBSD setcred2 — research artifacts This subdirectory col...
FreeBSD 安全漏洞
FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from the setcred system call. This call copies a user-supplied supplementary group list into a fixed-size kernel stack buffer without verifying the length. This...
FreeBSD : FreeBSD -- Stack buffer overflow via setcred(2) (39728e41-54b5-11f1-8d7a-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 39728e41-54b5-11f1-8d7a-bc241121aa0a advisory. The setcred2 system call is only available to privileged users. However, before the privilege level of...
PT-2026-42398
Name of the Vulnerable Software and Affected Versions FreeBSD versions 14.x Description A stack buffer overflow exists in the setcred2 system call. The issue occurs because a user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer before the privilege level of t...
FreeBSD Security Advisory - FreeBSD-SA-26:18.setcred
FreeBSD Security Advisory - The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the...
FreeBSD-SA-26:18.setcred
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:18.setcred Security Advisory The FreeBSD Project Topic: Stack buffer overflow via setcred2 Category: core Module: setcred Announced: 2026-05-20 Credits: Ryan...
FreeBSD -- Stack buffer overflow via setcred(2)
Problem Description: The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied li...
SUSE CVE-2009-0361
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...