Astra Linux - уязвимость в glibc

There exists an exploitable signed comparison vulnerability in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attack...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: Ensure that the tx-skbs always have the MPTCP extensions. Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. This results in a la...

EUVD-2020-27250

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-6096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize th...

CVE-2018-1000224

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...

SUSE CVE-2024-56614

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

CVE-2024-56614 xsk: fix OOB map writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

OESA-2024-1693 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal...

K40977030: glibc vulnerability CVE-2020-6096

Security Advisory Description An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison...

SUSE CVE-2005-0529

Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the procfileread and locksreadproc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context...

SUSE CVE-2020-6096

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...

Debian dla-3152 : glibc-doc - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3152 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3152-1 [email protected]...

Ubuntu 16.04 LTS : GNU C Library vulnerabilities (USN-4954-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4954-1 advisory. Jason Royes and Samuel Dytrych discovered that the memcpy implementation for 32 bit ARM processors in the GNU C Library contained an integer underflow...

EulerOS Virtualization 2.9.1 : glibc (EulerOS-SA-2021-1600)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on...

Fedora 32 : glibc (2021-6e581c051a)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-6e581c051a advisory. - The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding...

EulerOS Virtualization for ARM 64 3.0.6.0 : glibc (EulerOS-SA-2020-2019)

According to the version of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling...

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy() this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

...

EulerOS Virtualization for ARM 64 3.0.2.0 : glibc (EulerOS-SA-2020-1956)

According to the versions of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds write vulnerability was found in glibc when handling signal trampolines on PowerPC. The backtrace...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1849)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GNU glibc ARMv7 memcpy() memory corruption vulnerability

Summary An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the ‘num’ parameter results in a signed comparison vulnerability. If an attacker...