61 matches found
SUSE CVE-2026-54514
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...
GHSA-HGJ6-7826-R7M5 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)
Summary JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an...
Server-side Request Forgery (SSRF)
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class,...
UBUNTU-CVE-2026-54514
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...
CVE-2026-54514
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...
EUVD-2026-38592
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...
CVE-2026-54514
CVE-2026-54514 affects jackson-databind’s InetSocketAddress handling during deserialization. From 2.0.0 up to fixes in 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress(host, port), causing eager DNS resolution at readValue time and enabling an attacker to trigger...
PT-2026-51597
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.0.0 through 2.18.7 jackson-databind versions 2.19.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description The JDKFromStringDeserializer function constructs InetSocketAddress using new...
SUSE CVE-2026-48860
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...
CVE-2026-43088
In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...
CVE-2026-43088
CVE-2026-43088 (Linux kernel) affects PF_KEY export paths in the net: af_key code, where IPv6 sockaddr payloads were not fully initialized in certain export messages (SADB_ACQUIRE, SADB_X_NAT_T_NEW_MAPPING, SADB_X_MIGRATE). The issue arises because pfkey_sockaddr_size() reserves 32 bytes for IPv6...
EUVD-2026-10334
The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...
CVE-2025-40123
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...
bpf: Explicitly check accesses to bpf_sock_addr
...
Linux Distros Unpatched Vulnerability : CVE-2025-40078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Explicitly check accesses to bpfsockaddr Syzkaller found a kernel warning on the following sockaddr program: 0: r0 = 0 1: r2 = u32 r1 +60 2: exit which...
EUVD-2018-0210
Malware in sbrugna...
EUVD-2018-4003
Malware in sbrugna...
EUVD-2021-1701
Malware in sbrugna...
PT-2025-46598
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s BPF subsystem contains an issue where the expected attach type is not properly enforced for tailcall compatibility. A fuzzer tool discovered an uninitialized pointer...
CVE-2025-39678 platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock-metrictbladdr is non-NULL If metric table address is not allocated, accessing metricsbin will result in a NULL pointer dereference, so add a check...