
155 matches found

EUVD
added 4 days ago | 7 views

EUVD-2026-38103

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

AI score: 6.1 | EPSS: 0.00354
Exploits: 0 | References: 3

OSV
added 2026/05/04 12:4 a.m. | 4 views

OSV-2026-678 UNKNOWN WRITE in ___interceptor_strncpy

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=508899220 Crash type: UNKNOWN WRITE Crash state: interceptorstrncpy concathashstring ndpisearchsshtcp...

AI score: 5.8
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fixed a stack-out-of-bounds issue in strncpy “BUG: KASAN: Stack-out-of-bounds in strncpy+0x30/0x68” The Linux-ATF interface uses 16 bytes of SMC payload. If the clock name is longer than 15 bytes, the string...

AI score: 5.3 | EPSS: 0.00206
Exploits: 0 | References: 1

OSV
added 2026/05/01 12:18 a.m. | 3 views

OSV-2026-659 Heap-buffer-overflow in ___interceptor_strncpy

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=507904196 Crash type: Heap-buffer-overflow WRITE Crash state: interceptorstrncpy concathashstring ndpisearchsshtcp...

AI score: 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/17 12:0 a.m. | 7 views

PT-2026-33524

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description A missing null terminator exists in the ptp unpack Canon FE function within the camlibs/ptp2/ptp-pack.c file. The function uses strncpy to copy a filename into a 13-byte buffer without ensuring t...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00218
Exploits: 0 | References: 34

EUVD
added 2026/03/09 6:31 p.m. | 5 views

EUVD-2024-55470

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...

AI score: 5.6 | EPSS: 0.00275
Exploits: 1 | References: 2

ATTACKERKB
added 2026/02/26 5:32 p.m. | 4 views

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVSS: 2.9 | AI score: 6 | EPSS: 0.00165
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2026/01/09 10:9 a.m. | 5 views

CVE-2019-11365

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.04288
Exploits: 1 | References: 1

Tenable Nessus
added 2026/01/05 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-50828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - clk: zynqmp: Fix stack-out-of-bounds in strncpy BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68 Linux-ATF interface is using 16 bytes of SMC payload. In ca...

AI score: 5.7 | EPSS: 0.00206
Exploits: 0 | References: 2

EUVD
added 2025/12/30 3:30 p.m. | 2 views

EUVD-2022-55870

In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL...

AI score: 6.1 | EPSS: 0.00206
Exploits: 0 | References: 7

NVD
added 2025/12/30 1:15 p.m. | 4 views

CVE-2022-50828

In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL...

EPSS: 0.00206
Exploits: 0 | References: 6

UbuntuCve
added 2025/12/30 1:15 p.m. | 2 views

CVE-2022-50828

In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL...

AI score: 5.9 | EPSS: 0.00206
Exploits: 0 | References: 8

CVE
added 2025/12/30 12:10 p.m. | 17 views

CVE-2022-50828

CVE-2022-50828 affects the Linux kernel clock driver for ZynqMP (clk: zynqmp). The issue caused a stack-out-of-bounds access in strncpy during probe-time when the clock name exceeds 15 bytes, leading to a missing NUL terminator in the 16-byte SMC payload path used by Linux-ATF. The KASAN violation...

AI score: 6.2 | EPSS: 0.00206
Exploits: 0 | References: 6

Cvelist
added 2025/12/30 12:10 p.m. | 20 views

CVE-2022-50828 clk: zynqmp: Fix stack-out-of-bounds in strncpy

In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL...

EPSS: 0.00206
Exploits: 0 | References: 6

Debian CVE
added 2025/12/30 12:10 p.m. | 3 views

CVE-2022-50828

In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL...

AI score: 5.4 | EPSS: 0.00206
Exploits: 0

Positive Technologies
added 2025/12/30 12:0 a.m. | 16 views

PT-2025-53946

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.0-00396-g81ef9e7-dirty Description The Linux kernel contains a stack-out-of-bounds write issue in the strncpy function within the zynqmp clock driver. This occurs when the clock name exceeds 15 bytes, leading...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00465
Exploits: 2 | References: 896

IBM Security Bulletins
added 2025/11/18 5:10 p.m. | 7 views

Security Bulletin: In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Summary In imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. Vulnerability Details CVEID:CVE-2024-28219 DESCRIPTION: In imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. CWE:CWE-680:...

CVSS: 6.7 | AI score: 7.3 | EPSS: 0.00989
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-14670

Malware in sbrugna...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.01876
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2003-0459

Malware in sbrugna...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01863
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-3043

Malware in sbrugna...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.04288
Exploits: 1 | References: 10