Astra Linux - уязвимость в gnutls28

A flaw was discovered in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function, which handles PKCS11 token initialization. When a token label longer than expected is processed, the function writes beyond the end of a fixed-size stack buffer. This programming error can cause...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of “acpiid” if the “str” argument is at its maximum length...

Astra Linux - уязвимость в grub2

A stack overflow flaw was discovered while reading a BFS file system. A specially crafted BFS file system may lead to an uncontrolled loop, causing grub2 to crash...

Astra Linux - уязвимость в libmysofa

LibMySOFA 0.9.1 has a stack-based buffer overflow issue in the readDataVar function in hdf/dataobject.c, during the reading of a header message attribute...

Astra Linux - уязвимость в firefox, thunderbird

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox 125, Firefox ESR 115.12, and Thunderbird 115.12...

Astra Linux - уязвимость в ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodestatusreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed a stack buffer overflow issue during the parsing of the OnAssocReq IE. The length of the Supported Rates IE from an incoming Association Request frame was directly used as the length for the memcpy...

Astra Linux - уязвимость в nbd

In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBDOPTINFO or NBDOPTGO message with a large value as the length of the name...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: A stack overflow issue was fixed when loading vlenb. The user-space load mechanism can place up to 2048 bits into the xlen bit stack buffer. Since we only need the xlen bits, we check the size of the buffer in advanc...

Astra Linux - уязвимость в golang-1.19

Calling any of the Parse functions in Go source code that contains deeply nested literals can cause a panic due to stack exhaustion...

Astra Linux - уязвимость в rsync

A flaw was discovered in rsync that can be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length, causing a comparison between a checksum and uninitialized memory, and resulting in the leakage of one byte of uninitialized stack data ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: s390: Avoid using a global register for the currentstackpointer The commit 30de14b1884b “s390: The currentstackpointer should not be a function” changed the currentstackpointer to a global register variable, as is common on many...

Astra Linux - уязвимость в exempi

The XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...

Astra Linux - уязвимость в zziplib

A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service through the zzipFetchDiskTrailer function located in the /zzip/zip.c file...

Astra Linux - уязвимость в gst-plugins-base1.0

In GStreamer through 1.26.1, the subparse plugin’s parsesubriptime function may write data beyond the bounds of a stack buffer, resulting in a crash...

Astra Linux - уязвимость в zeromq3

A flaw was discovered in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The greatest threat posed by this vulnerability is to confidentiality,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid1: The issue of stack memory usage after a return in the raid1reshape function has been fixed. In the raid1reshape function, the newpool is allocated on the stack and assigned to conf-r1biopool. This causes...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fixed skbunderpanic in ip6mrcachereport. skbuff: skbunderpanic: Text: fffffffff88771f69; Length: 56; Value: -4; Head: fffff88805f86a800; Data: fffff887f5f86a850; Tail: 0x88; End: 0x2c0; Device: pim6reg. ----------- Cut her...

Astra Linux - уязвимость в nasm

A stack-use-after-scope issue was discovered in the expandmmacparams function in preproc.c in nasm before version 2.15.04. This issue allows remote attackers to cause a denial of service through crafted ASM files...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix potential memory leak The function dwc3qcomprobe allocates memory for the resource structure pointed by the parentres pointer. This memory is not freed, leading to a memory leak. Using stack memory can preven...