24 matches found
CVE-2026-34062
nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fixed warnings related to cancelsync on uninitialized workstructs. Betty reported encountering the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 … 8.713282 T221 Call trace:...
CVE-2026-34062
nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...
CVE-2026-34063
CVE-2026-34063 affects Nimiq’s network-libp2p prior to v1.3.0. The discovery mechanism assumes at most one inbound and one outbound substream per connection; if a remote peer opens the discovery protocol substream a second time, the libp2p ConnectionHandler may panic with “Inbound already connect...
CVE-2026-34062 Nimiq has Allocation of Resources Without Limits or Throttling in its libp2p request/response
nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...
EUVD-2026-25056
nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...
CVE-2026-34062
nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...
CVE-2026-34062
CVE-2026-34062 affects the Nimiq libp2p integration. Before version 1.3.0, MessageCodec::read_request and read_response call read_to_end() on inbound substreams, allowing a remote peer to send only a partial frame and keep the substream open. Additionally, Behaviour::new sets with_max_concurrent_...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from the use of MessageCodec::readrequest and readresponse in the nimiq-libp2p library, which called readtoend on the inbound...
Linux Distros Unpatched Vulnerability : CVE-2025-37805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at...
SUSE CVE-2025-37805
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...
DEBIAN-CVE-2025-37805
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...
UBUNTU-CVE-2025-37805
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...
PT-2025-20334
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability has been resolved in the Linux kernel related to the sound/virtio module. The issue arises when the virtsnd probe function triggers an error path, leading to a call to...
SUSE CVE-2016-4300
Integer overflow in the readSubStreamsInfo function in archivereadsupportformat7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow...
Denial Of Service (DoS)
ffmpeg is vulnerable to denial of service DoS attacks. The library does not properly handle frame types that contain multiple independent substreams in them, allowing a malicious user to pass an AVI file to be converted to an MP4 file that can cause an out-of-array access that can crash the...
UBUNTU-CVE-2018-13302
In FFmpeg 4.0.1, improper handling of frame types other than EAC3FRAMETYPEINDEPENDENT that have multiple independent substreams in the handleeac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or...
ALPINE-CVE-2016-4300
Integer overflow in the readSubStreamsInfo function in archivereadsupportformat7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow...
CVE-2016-4300
Integer overflow in the readSubStreamsInfo function in archivereadsupportformat7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow...
DEBIAN-CVE-2016-4300
Integer overflow in the readSubStreamsInfo function in archivereadsupportformat7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow...