CVE-2026-44608 Use after free and crash under special conditions in RPZ code

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

CVE-2026-44608

Summary: NLnet Labs Unbound versions 1.14.0–1.25.0 contain a locking inconsistency in RPZ handling that can cause a heap use-after-free and crash under specific multi-threaded conditions when an RPZ XFR reload occurs and an RPZ zone is loaded with rpz-nsip or rpz-nsdname triggers. An attacker wou...

CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

CVE-2026-44608 Use after free and crash under special conditions in RPZ code

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

Astra Linux – Vulnerability in Twisted

Twisted is an event-based framework for internet applications, compatible with Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, potentially leading to information disclosure. This vulnerability has been fixed in 24.7.0rc1...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fixed the direction of 0-length ioctl control messages The syzbot fuzzer identified a issue with the usbtmc driver: When a user sends an ioctl with a 0-length control transfer, the driver does not check whether the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: i2c: rtl9300: Fixed an out-of-bounds bug in rtl9300i2csmbusxfer The data-block0 variable comes from the user input. Without proper checks, this variable can become very large, leading to an out-of-bounds error. This bug was...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: az6007: Fixed nullptrderef in az6007i2cxfer In az6007i2cxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf would still be performed. Malicious data could...

Astra Linux - уязвимость в apache2

Apache HTTP Server versions 2.4.41 to 2.4.46 with modproxyhttp can become unstable when processing specially crafted requests that use both Content-Length and Transfer-Encoding headers. This can lead to a denial of service...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: gro: fixed ownership transfer If packets are received using GRO, they may be segmented later on and continue their journey within the stack. In skbSegmentlist, these segments can be reused as they are. This is a problem because...

Astra Linux - уязвимость в gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling HRS vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: ipa: The event ring index was corrected; it was not programmed correctly for IPA v5.0+. For IPA v5.0+ onwards, the event ring index field has been moved from CHCCNTXT0 to CHCCNTXT1. In IPA v5.0, this field was intended to be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: The use of smbdirectsocket.sendio.bcredits has been addressed. It turns out that our code would corrupt the stream of reassabled data transfer messages when we trigger an immediate empty send. To fix this issue, we...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Ensure that sb-sfsinfo is always cleaned up. When hfsplus was converted to the new mount API, a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been...

Astra Linux - уязвимость в mc

A issue was discovered in Midnight Commander through version 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user can connect to the server without being able to verify its authenticity...

Astra Linux - уязвимость в curl

Curl versions 7.21.0 through 7.73.0 are vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing...

Astra Linux - уязвимость в netty

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace such as a spaceTransfer-Encoding:chunked line and a later Content-Length header. This issue exists due to an incomplete fix for CVE-2019-16869...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A issue was discovered in the Linux kernel before version 6.6.8. The dovccioctl function in net/atm/ioctl.c has a use-after-free issue due to a race condition involving vccrecvmsg...

Astra Linux - уязвимость в golang-golang-x-net

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which can be manipulated by...

Astra Linux - уязвимость в python2.7, python3.7

A flaw was discovered in Python, specifically in the FTP File Transfer Protocol client library when operating in PASV passive mode. The issue arises from how the FTP client defaults to trusting the host based on the PASV response. This flaw allows an attacker to create a malicious FTP server that...