JLSEC-2026-312

HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MMxstrdup in H5MM.c called from H5Genttolink in H5Glink.c...

ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()

...

SUSE CVE-2025-38438

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devmkstrdup to avoid memleak. sofpdata-tplgfilename can have address allocated by kstrdup and can be overwritten. Memory leak was detected with kmemleak: unreferenced object 0xffff88812391ff60 size 16:...

UBUNTU-CVE-2025-2175

A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function vbistrndupiconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to...

iperf: Denial of Service in iperf Due to Improper JSON Handling

A flaw was found in iperf. This vulnerability allows a Denial of Service DoS via the injection of malformed JSON data, which can result in a segmentation fault when a NULL pointer is passed to strdup...

SUSE CVE-2024-53681

In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn nvmetrootdiscoverynqnstore treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. Create a new string with kstrndup instead of usin...

PT-2024-6200 · Unknown +2 · Hdf5 Library +2

Name of the Vulnerable Software and Affected Versions: HDF5 Library versions prior to 1.14.4 Description: The issue is related to a heap-based buffer over-read caused by the unsafe use of strdup in H5MM xstrdup in H5MM.c, which can be exploited by a remote attacker to impact the confidentiality,...

PT-2023-35738 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a global buffer overflow read. The crash state involves functions such as xmlStrndup, htmlParseSystemLiteral, a...

The vulnerabilities of the alloca() and strdup() functions in the Systemd initialization and service management subsystem allow a attacker to cause a service failure.

The vulnerability of the alloca and strdup functions in the Systemd initialization and service management subsystem is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a attacker to cause service failures...

CVE-2019-12615

An issue was discovered in getvdevportnodeinfo in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdupconst of nodeinfo-vdevport.name, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash...