71 matches found
kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
SUSE CVE-2026-7736
A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...
SUSE CVE-2026-43501
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...
Linux Distros Unpatched Vulnerability : CVE-2026-43501
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into...
CVE-2026-43501
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
CVE-2026-43501
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...
CVE-2026-43501
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...
UBUNTU-CVE-2026-43501
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...
CVE-2026-43501
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...
CVE-2026-43501
CVE-2026-43501 - Linux kernel IPv6 SRH headroom bug : The issue occurs in ipv6_rpl_srh_rcv() when decompressing and recompressing RFC 6554 Source Routing Headers, where the recompressed IPv6 header can grow beyond the received header. The root cause is an unsafe headroom handling in pskb_expand_h...
CVE-2026-43501 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...
EUVD-2026-31276
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...
PT-2026-42457
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ipv6 rpl srh rcv function during the decompression and recompression of RFC 6554 Source Routing Headers. When the recompressed header is larger than the received...
CVE-2026-7735
A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : FRR vulnerability (USN-8175-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8175-1 advisory. It was discovered that FRR did not correctly handle certain network requests. A remote attacker could possibly use this issue to...
CVE-2026-5123
A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data1 can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The...
CVE-1999-0909
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability...