11 matches found
Astra Linux - уязвимость в yajl
In the yajl-ruby gem version 1.3.0 for Ruby, when a properly crafted JSON file is provided to Yajl::Parser.new.parse, the entire Ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This causes the entire Ruby process to terminate, potentially leading to a denial ...
CVE-2026-43108
In CVE-2026-43108, the issue is in the Linux kernel's Qualcomm SoC PD-mapper component. The root cause is a mismatch between the declared length of a string element in servreg_loc_pfr_req_ei and the reason field of servreg_loc_pfr_req, which can trigger decoding errors during PD crashes. The conc...
python: Fix of CVE-2017-1000158
CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...
CLSA-2026-1777585788 python: Fix of CVE-2017-1000158
CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013773)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013773 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007608)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007608 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of...
Advisory ROSA-SA-2026-3153
Software: libtomcrypt 1.18.2 OS: ROSA Virtualization 3.1 unaffected versions = libtomcrypt-1.18.2-5.0.1.rv31 affected versions libtomcrypt-1.18.2-5.0.1.1.rv31 CVE-ID: CVE-2019-17362 BDU-ID: 2025-16070 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the derdecodeutf8string function of the...
DEBIAN-CVE-2023-53729
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...
CVE-2023-53729
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...
CVE-2023-53729
CVE-2023-53729 affects the Linux kernel’s QMI handling for Qualcomm (soc: qcom: qmi_encdec). The issue arises when decoding QMI TLV strings: the code accounts for null-terminated strings with MAX_LEN + 1, and if a string is actually MAX_LEN + 1, NULL termination leads to an out-of-bounds access. ...
Ruby yajl-ruby gem denial of service vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. yajl-ruby gem is one of the stream-based parsing library. A security vulnerability exists in the 'yajlstringdecode' function in the yajlencode.c file in...