Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powercap: armscmi: Recursion during zone parsing was removed. Powercap zones are defined as being arranged in a hierarchical tree structure. When registering a zone using powercapregisterzone, the kernel’s powercap subsystem...

Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a potential security issue involving infinite recursion in the MSL Magick Scripting Language command when writing to MSL format. Version 7.1.2-13 addresses this issue...

Astra Linux - уязвимость в zeromq3

A flaw was discovered in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The greatest threat posed by this vulnerability is to confidentiality,...

Astra Linux - уязвимость в editorconfig-core

There is a stack buffer overflow issue in the ecglob function of editorconfig-core-c before version 0.12.6. This vulnerability allows an attacker to write arbitrary data to the stack, potentially leading to remote code execution. Editorconfig-core-c version 0.12.6 has addressed this vulnerability...

Astra Linux - уязвимость в libxstream-java

XStream is a simple library for serializing objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service—only by manipulating the processed input stream when XStream is configured to use th...

Astra Linux - уязвимость в snakeyaml

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow...

Astra Linux - уязвимость в htmldoc

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hdstrlcpy function in string.c when called from rendercontents in ps-pdf.cxx via a crafted HTML document...

Astra Linux - уязвимость в libpodofo

A flaw was discovered in PoDoFo 0.9.7. An uncontrolled recursive call within the functions PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant, and PdfTokenizer::ReadDataType can lead to a stack overflow issue...

Astra Linux - уязвимость в linux, linux-5.10

A stack overflow flaw was discovered in the Linux kernel’s SYSCTL subsystem regarding how a user modifies certain kernel parameters and variables. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...

Astra Linux – Vulnerability in opensc

The gemsafe GPK smart card software driver in OpenSC before version 0.21.0-rc1 has a stack-based buffer overflow in the scpkcs15emugemsafeGPKinit function...

Astra Linux - уязвимость в ntfs-3g

NTFS-3G versions prior to 2021.8.22 may experience a stack buffer overflow when correcting differences between the MFT Mounted File Table and MFTMirror. This can lead to code execution or an escalation of privileges when using the setuid-root account...

Astra Linux - уязвимость в qemu

A stack overflow vulnerability was discovered in the Intel HD Audio device intel-hda of QEMU. A malicious guest could exploit this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The greatest threat posed by this vulnerability is to system availability. Thi...

Astra Linux – Vulnerability in libpodofo

A stack-based buffer overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service through the ‘src/base/PdfDictionary.cpp:65’ component...

Astra Linux - уязвимость в libjettison-java

Those who use Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could facilitate a Denial of Servic...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/32: Fixed the hard lockup that occurred due to vmap stack overflow. Since the commit c118c7303ad5 “powerpc/32: Fixed vmap stack – Do not activate the MMU before reading the task struct”, a vmap stack overflow would result...

Astra Linux - уязвимость в exempi

The XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Add a wrapper around the mlx5etxreporterdumpsq function to extract the SQ value from the struct mlx5etxtimeoutctx structure. In the TX-timeout-recovery flow, the argument passed to this function is actually of type...

Astra Linux – Vulnerability in snakeyaml

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow...

Astra Linux - уязвимость в u-boot

In Das U-Boot through 2022.07-rc5, an integer signedness error and resulting stack-based buffer overflow occur in the “i2c md” command, which allows for the corruption of the return address pointer of the doi2cmd function...

Astra Linux - уязвимость в qemu

A potential stack overflow issue due to an infinite loop was identified in various NIC emulators of QEMU, in versions up to and including 5.2.0. The issue occurs in the loopback mode of a NIC, where reentrant DMA checks are bypassed. A guest user/process may exploit this flaw to consume CPU cycle...