Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check the dsbr size from the EFI variable Since the size of the struct btinteldsbr is already known, we can simply start checking there instead of querying the size of the EFI variable. If the final result doe...

Astra Linux – Vulnerability in Cairo

A flaw was discovered in cairo’s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo’s image-compositor for example, by convincing a user to open a file in an application that uses cairo, or if an application uses cairo on...

Astra Linux – Vulnerability in connman

A stack-based buffer overflow in dnsproxy in ConnMan prior to version 1.39 could be exploited by network-adjacent attackers to execute malicious code...

Astra Linux – Vulnerability in connman

ConnMan also known as Connection Manager versions 1.30 to 1.39 have a stack-based buffer overflow issue in the uncompress function of dnsproxy.c, occurring due to the use of NAME, RDATA, or RDLENGTH fields for the A or AAAA records...

Astra Linux – Vulnerability in snakeyaml

Those who use Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could potentially allow for a Denial of...

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a stack-buffer-overflow vulnerability through the use of putqpelfallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted video file...

Astra Linux – Vulnerability in libjettison-java

It was discovered that Jettison before version 1.5.2 contained a stack overflow vulnerability through the map parameter. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a specially crafted string...

Astra Linux – Vulnerability in exim4

Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected Exim installations. Authentication is not required to exploit this vulnerability. The specific flaw lies in the handling of NTLM...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: BPF, sockmap: Do not allow sockmapclose,destroy,unhash to call itself. Proto callback functions in sockmap should never call themselves by design. Protect against bugs like 1 and break out of the recursive loop to avoid a stac...

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...

Astra Linux – Vulnerability in Zeromq3

A flaw was discovered in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The greatest threat posed by this vulnerability is to confidentiality,...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: crypto: virtio/akcipher – Fixed a stack overflow issue in memcpy. The value of sizeofstruct virtiocryptoakciphersessionpara is less than sizeofstruct virtiocryptoopctrlreq::u. Copying more bytes from the stack variable leads t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch addressed a issue related to KASAN in stv0367; now a similar problem has emerged with clang: drivers/media/dvb-frontends/stv0367.c:1222:12: Error:...

Astra Linux – Vulnerability in opensc

A stack overflow vulnerability exists in the OpenSC smart card middleware before version 0.23, due to improper responses to APDUs...

Astra Linux – Vulnerability in espeak-ng

It was discovered that Espeak-ng 1.52-dev contains a Stack Buffer Overflow issue due to the function RemoveEnding in the dictionary.c file...

Astra Linux - уязвимость в chromium

A stack buffer overflow in WebRTC in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

A stack buffer overflow in Printing in Google Chrome prior to version 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption through a crafted HTML page...

Astra Linux – Vulnerability in libxstream-java

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service by manipulating the input stream. The attack exploits the hash code implementation used for...

Astra Linux – Vulnerability in ntfs-3g

NTFS-3G versions prior to 2021.8.22 may experience a stack buffer overflow when correcting differences between the MFT Mounted File Table and MFTMirror. This can lead to code execution or an escalation of privileges when using the setuid-root account...

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...