rust-openssl 缓冲区错误漏洞

rust-openssl is an open-source library in the rust ecosystem that allows for interaction with the OpenSSL library. Prior to version 0.10.78, rust-openssl had a buffer error vulnerability. This vulnerability stemmed from an incorrect assertion in aes::unwrapkey, where the condition out.len + 8 =...

PT-2025-40642

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's TLS implementation where the system may not properly abort a connection stream when invalid record headers are detected. Specifically, if the socket h...

SUSE CVE-2025-22049

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCHDMAMINALIGN up to 16 ARCHDMAMINALIGN is 1 by default, but some LoongArch-specific devices such as APBDMA require 16 bytes alignment. When the data buffer length is too small, the hardware may make an error...

DEBIAN-CVE-2025-22049

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCHDMAMINALIGN up to 16 ARCHDMAMINALIGN is 1 by default, but some LoongArch-specific devices such as APBDMA require 16 bytes alignment. When the data buffer length is too small, the hardware may make an error...

Integer overflows in URL parser

libcurl contains two integer overflows in the curlurlset function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32-bit architectures and require excessive string input lengths...

apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter...