FreeBSD-SA-26:14.pf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:14.pf Security Advisory The FreeBSD Project Topic: pf can overflow the stack parsing crafted SCTP packets Category: core Module: pf Announced: 2026-04-29...

PT-2026-36007

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description When processing the header of an incoming message, libnv fails to properly validate the message size. This lack of validation allows a malicious program to write outside the bounds of a heap...

EUVD-2026-26230

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

PT-2026-36009

Name of the Vulnerable Software and Affected Versions FreeBSD dhclient affected versions not specified Description The FreeBSD DHCP client fails to escape embedded double-quotes when writing the BOOTP file field to the lease file. This allows a rogue DHCP server on the same network to inject...

TOTOLINK A3002RU 安全漏洞

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. Versions of TOTOLINK A3002RU such as V3.0.0-B20220304.1804 and earlier contain security vulnerabilities. These vulnerabilities stem from a stack-based buffer overflow vulnerability in the hostname parameter within the...

PT-2026-36011

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

PT-2026-36008

Name of the Vulnerable Software and Affected Versions libnv affected versions not specified Description When exchanging data over a socket, the software uses the select function to wait for data. It fails to verify if the provided socket descriptor exceeds the file descriptor set size limit of FD...

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWALL SonicOS, which stems from a stack buffer overflow issue after authentication. This vulnerability may allow...

Allok Video Converter 安全漏洞

Allok Video Converter is a video encoding tool developed by Allok Corporation. Version 2.6.1217 of Allok Video Converter contains a security vulnerability. This vulnerability stems from a stack-based buffer overflow issue, which could allow local attackers to overwrite execution code by triggerin...

FreeBSD -- Stack overflow via select() file descriptor set overflow

Problem Description: When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. Impact: An attacker who is able to force a libnv applicati...

FreeBSD -- pf can overflow the stack parsing crafted SCTP packets

Problem Description: Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Impact: Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to...

PT-2026-36010

Name of the Vulnerable Software and Affected Versions dhclient affected versions not specified Description When building an environment to pass to dhclient-script, the software may resize the array of string pointers. The code responsible for expanding this array incorrectly calculates the new...

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

Unity Linux 20.1070e Security Update: binutils (UTSA-2026-015467)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015467 advisory. A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015461)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015461 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libtiff (UTSA-2026-014369)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014369 advisory. libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. Tenable has extracted the preceding description block...

PT-2026-35922

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU V3 versions prior to V3.0.0-B20220304.1804 Description A stack-based buffer overflow exists in the formMapDelDevice function. This issue occurs via the hostname parameter. A stack-based buffer overflow is a condition where a...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the skip function. An attacker can cause a stack overflow and potentially crash the application by sending specially crafted input that triggers deep recursion. Remediation Upgrade...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the dispatch process. An attacker can cause a stack overflow and potentially crash the application by sending specially crafted input that triggers excessive recursive calls...

Kea: Kea: Denial of Service via maliciously crafted message

A flaw was found in Kea. A remote attacker can send a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener. This can cause a stack overflow error, leading to the daemon exiting and resulting in a Denial of...