CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

CVE-2026-45232

Rsync

CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. There are security vulnerabilities in the version of NLnet Labs Unbound from 1.14.0 to 1.25.0. These vulnerabilities stem from the truncation of size calculations when encoding multiple NSIDs and/or DNS Cookies, as...

PT-2026-42052

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An integer overflow exists in the compressed-token decoder due to a 32-bit signed counter that is not checked for overflow. A malicious sender can trigger this overflow, causing the receiver process to...

PT-2026-42398

Name of the Vulnerable Software and Affected Versions FreeBSD versions 14.x Description A stack buffer overflow exists in the setcred2 system call. The issue occurs because a user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer before the privilege level of t...

FreeBSD-SA-26:18.setcred

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:18.setcred Security Advisory The FreeBSD Project Topic: Stack buffer overflow via setcred2 Category: core Module: setcred Announced: 2026-05-20 Credits: Ryan...

FreeBSD -- Stack buffer overflow via setcred(2)

Problem Description: The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied li...

PT-2026-42272

Name of the Vulnerable Software and Affected Versions libsolv affected versions not specified Description A stack-based buffer overflow occurs in the Debian metadata parser of libsolv when processing specially crafted Debian repository metadata. An attacker can trigger this by providing malicious...

FreeBSD-SA-26:22.libcasper

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:22.libcasper Security Advisory The FreeBSD Project Topic: select2 file descriptor set overflow causes stack overflow Category: core Module: libcasper...

Rsync 安全漏洞

Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Versions of Rsync prior to 3.4.3 contained security vulnerabilities. These vulnerabilities stemmed from a stack write issue in the establishproxyconnection function. Network...

CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

NLnet Labs Unbound 缓冲区错误漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.6.2 to 1.25.0 of NLnet Labs Unbound, there is a buffer error vulnerability. This vulnerability stems from a potential stack overflow during the DNSCrypt packet reading process. Malicious attackers can...

PT-2026-42055

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An off-by-one out-of-bounds stack write exists in the establish proxy connection function within socket.c. Network attackers can corrupt stack memory by sending a malformed HTTP proxy response. This...

FreeBSD Security Advisory - FreeBSD-SA-26:18.setcred

FreeBSD Security Advisory - The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the...

Linux Distros Unpatched Vulnerability : CVE-2026-45232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows netwo...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

Uncontrolled Recursion

Overview sqlfluffrs is a The SQL Linter for Humans Affected versions of this package are vulnerable to Uncontrolled Recursion through the ParseContext and parser recursion in the SQL parser components. An attacker can exhaust parser stack depth and force repeated parse failures by supplying deepl...