72402 matches found
Astra Linux - уязвимость в connman
ConnMan also known as Connection Manager versions 1.30 to 1.39 have a stack-based buffer overflow issue in the uncompress function of dnsproxy.c, occurring due to the use of NAME, RDATA, or RDLENGTH fields for the A or AAAA records...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: The crash in timerlatdumpstack has been fixed. We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 bytes written to a buffer...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/guc: Fixed the use of stackdepot. Added the missing stackdepotinit call when CONFIGDRMXEDEBUGGUC is enabled to fix the following call stack: BUG: Kernel NULL pointer dereferencing, address: 0000000000000000 Workqueue:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: fixed a crash in setmeshsync and setmeshcomplete. There is a bug: KASAN: a stack-out-of-bounds issue in setmeshsync, caused by memcpy from a poorly declared on-stack flexible array. Another crash occurs in...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: A stack-out-of-bounds read occurred in the usbcheckintendpoints function. Syzbot1 identified a situation where a stack-out-of-bounds read of the epaddr array was performed by the hid-thrustmaster driver. Th...
Astra Linux - уязвимость в connman
Before version 1.39, gdhcp in ConnMan could be exploited by network-adjacent attackers, allowing them to leak sensitive stack information and enabling further exploitation of bugs in gdhcp...
Astra Linux - уязвимость в jackson-databind
In Jackson-Databind versions prior to 2.13.0, there was a possibility of a Java StackOverflow exception and a denial of service issue due to the large depth of nested objects...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/64s: Fixed the program check interrupt emergency stack path. The emergency stack path was jumping to a 3: label within the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over it. By ...
Astra Linux - уязвимость в firefox
An attacker could read 32 bits of values that were spilled onto the stack in a JIT-compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...
Astra Linux - уязвимость в protobuf
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups/series of SGROUP tags can be corrupted due to exceeding the stack limit, i.e., StackOverflow. Parsing nested groups as unknown fields using the DiscardUnknownFieldsParser or the Java Protobuf...
Astra Linux - уязвимость в linux, linux-5.10
A stack overflow flaw was discovered in the Linux kernel’s TIPC protocol functionality. This flaw occurs when a user sends a packet containing malicious content, where the number of domain member nodes exceeds the allowed limit of 64. This flaw allows a remote user to crash the system or...
Astra Linux - уязвимость в ffmpeg, ffmpeg5
A vulnerability, classified as critical, was discovered in FFmpeg version 7.1. This vulnerability affects the ffaacsearchfortns function in the libavcodec/aacenctns.c file of the AAC Encoder component. The vulnerability allows for a stack-based buffer overflow attack. The attack can be initiated...
Astra Linux - уязвимость в bind9
The code that processes control channel messages sent to named recursively calls certain functions during packet parsing. The recursion depth is limited only by the maximum acceptable packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack...
Astra Linux - уязвимость в firefox
The WebAudio OscillatorNode object was vulnerable to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox versions less than 122...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm: Don’t spin in addstackrecord when gfp flags don’t allow. The syzbot tool was able to identify the following functions: addstackrecordtolist in mm/pageowner.c:182 inline incstackrecordcount in mm/pageowner.c:214 inline...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scs: A wrong parameter was fixed in scsmagic. The scsmagic function requires a void variable, but a struct taskstruct is provided instead. taskscstsk represents the starting address of the task’s shadow call stack, and...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: riscv: Use READONCENOCHECK in the imprecise unwinding stack mode. When CONFIGFRAMEPOINTER is not set, the stack unwinding function walkstackframe randomly reads from the stack. When KASAN is enabled, this can lead to the followin...
Astra Linux - уязвимость в libjettison-java
A stack overflow in Jettison prior to v1.5.2 allowed attackers to cause a Denial of Service DoS attack through crafted JSON data...
Astra Linux - уязвимость в libcroco
In libcroco version 0.6.13, there is excessive recursion in the cr parser function cr parserparseanycore in cr-parser.c, resulting in stack consumption...