CVE-2026-52999

A flaw was found in the Linux kernel's netfilter subsystem, specifically in the nfnetlinkosf module. When the NFOSFLOGLEVELALL option is configured, an out-of-bounds read vulnerability can occur during TCP option parsing. This issue can lead to incorrect data processing and logging failures,...

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

DEBIAN-CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

CVE-2026-6985

CVE-2026-6985 affects Cesanta Mongoose up to 7.20, specifically the TCP Option Handler’s handle_opt in /src/net_builtin.c. The vulnerability arises from manipulating the argument optlen, which can cause an infinite loop. It is described as remotely exploitable, and an exploit has been made public...

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

PT-2026-35156

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle opt of the file /src/net builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. T...

CVE-1999-0193

Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option...

EUVD-1999-0193

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-47245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy synproxyparseoptions could read one byte out of bounds. When t...

Juniper JunOS Malformed TCP Option

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juniper JunOS Malformed TCP Option', 'Description' = %q This module exploits a denial of service vulnerability in Juniper Network's JunOS router...

SUSE CVE-2021-47593

In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk-sksockkern being set correctly: It prevents setsockoptfd, IPPROTOTCP, TCPULP, "mptcp", 6; from working for plain tcp sockets any userspace-expose...

CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: schcake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...

CVE-2021-47244

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp mptcpgetoptions could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if...

CVE-2021-47245

In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy synproxyparseoptions could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte...

CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: schcake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...

CVE-2021-47244

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp mptcpgetoptions could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if...

CVE-2021-47243 sch_cake: Fix out of bounds when parsing TCP options and header

In the Linux kernel, the following vulnerability has been resolved: schcake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...

CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: schcake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...