64 matches found
SUSE CVE-2022-50233
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev-devname,shortname Both devname and shortname are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be...
AZL-65027 CVE-2025-38332 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy for BIOS version The strlcat with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway, instead of memset with...
CVE-2009-4593
The bftpdutmplog function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.buhost structure member, which might allow remote attackers to cause a denial of service daemon crash via unspecified vectors. NOTE: some of these details are...
CVE-2025-22003
In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy source Commit 7fdaf8966aae "can: ucan: use strscpy to instead of strncpy" unintentionally introduced a one byte out of bound read on strscpy's source argument which is kind of ironic...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netdevsim: A trailing zero was added to terminate the string in nsimnexthopbucketactivitywrite. This issue was identified by a static analyzer. We should not forget the trailing zero after copyfromuser if we will perform further...
SUSE CVE-2024-50259
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite This was found by a static analyzer. We should not forget the trailing zero after copyfromuser if we will further do some string operations,...
DEBIAN-CVE-2024-50259
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite This was found by a static analyzer. We should not forget the trailing zero after copyfromuser if we will further do some string operations,...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a string termination issue in the nsimnexthopbucketactivitywrite function...
OESA-2024-2092 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...
CVE-2024-35845
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwlfwinidebuginfotlv is used as a string, so we must ensure the string is terminated correctly before using it...
CVE-2024-35845 wifi: iwlwifi: dbg-tlv: ensure NUL termination
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwlfwinidebuginfotlv is used as a string, so we must ensure the string is terminated correctly before using it...
emdns 安全漏洞
emdns is a DNS software by the individual developer Michael Santos. A security vulnerability exists in versions prior to emdns be565c3, which stems from emdnsresolveraw in emdns.c calling strlen via fbd1eef, whose input may not terminate with a termination, resulting in an over-read of a...
SUSE CVE-2024-26791
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getnamekerne...
CVE-2024-26791
A vulnerability was found in the Linux kernel's btrfs filesystem related to the dev-replace feature. The issue stems from inadequate validation of device names. This flaw could allow an attacker unauthorized access or manipulation of devices, impacting the system's security. Mitigation Mitigation...
DEBIAN-CVE-2024-26791
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getnamekerne...
UBUNTU-CVE-2024-26791
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getnamekerne...
CVE-2024-26791 btrfs: dev-replace: properly validate device names
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getnamekerne...
CVE-2024-26791
CVE-2024-26791 — Linux kernel: btrfs dev-replace: properly validate device names. A syzbot report indicated device name buffers passed to device replace could read beyond end (getname_kernel) due to insufficient termination checks. The fix adds a helper that validates both source and target devic...
SUSE CVE-2017-8313
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file...
SUSE CVE-2019-12854
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...