236 matches found
CVE-2024-13939
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...
GNU Binutils 安全漏洞
GNU Binutils GNU Binary Utilities is a set of programming language utility programs developed by the American GNU community. The programs are primarily designed to work with target files in a variety of formats, and provide connectors, assemblers, and other tools for target files and archives. A...
CVE-2021-26603
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the ArkDigPathA function parsed a file path. This vulnerability is due to missing support for string length check...
CVE-2021-35102
Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...
SUSE CVE-2024-50131
In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL...
kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
A buffer overrun flaw exists in the Linux kernel when the strlen function is used on name fields in V1 wmfw files. This issue results in a loss of system availability...
FORT Validator 安全漏洞
FORT Validator is an RPKI dependency and RTR server from NICMx Open Source. A security vulnerability exists in FORT Validator versions prior to 1.6.3, which stems from not properly cleaning up string lengths, resulting in a buffer overflow...
kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of the strlen function instead of the strnlen function for algorithm and coefficient name string...
SUSE CVE-2024-39487
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...
CVE-2024-39487
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...
UBUNTU-CVE-2024-39487
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...
CVE-2024-39487 bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...
CVE-2024-39487 bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...
ROS-20240603-02
A vulnerability in the Format Detection component of the Mojolicious module for Perl is related to errors in releasing resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the securecompare function of the...
DEBIAN-CVE-2024-26988
In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential staticcommandline memory overflow We allocate memory of size 'xlen + strlenbootcommandline + 1' for staticcommandline, but the strings copied into staticcommandline are extracommandline and commandline,...
CLSA-2024-1712837970 Update of microcode_ctl
Moved tuxcare patches from 2:2.1-73.16.tuxcare.els1 - genupdate2.py was updated to output strings having restricted length - Update Intel CPU microcode to microcode-20231114 release it's the same as microcode-20231009 - Update vendor patches...
The vulnerability of the Delta Industrial Automation DOPSoft software for designing human-machine interfaces lies in the copying of buffers without checking the size of the input data. This allows a malicious actor to execute arbitrary code.
The vulnerability of the Delta Industrial Automation DOPSoft software for designing human-machine interfaces lies in the copying of buffers without checking the size of input data during syntax analysis of the wKPFStringLen field. Exploiting this vulnerability allows a malicious actor to execute...
DEBIAN-CVE-2023-51885
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component...
UBUNTU-CVE-2023-51885
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component...