Lucene search
+L

9 matches found

OSV
OSV
added 2026/06/22 11:7 p.m.4 views

GHSA-QC2X-6F54-M6H9 zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet

Impact readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against self.datalen. Python's slice silently returns fewer bytes when the end index runs past the...

7.1CVSS5.9AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.4 views

CVE-2026-41475

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

9.1CVSS5.6AI score0.00482EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 7:39 p.m.5 views

CVE-2026-41475

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

8.7CVSS5.7AI score0.00482EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/24 7:39 p.m.34 views

CVE-2026-41475 BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

8.7CVSS0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/04/24 7:39 p.m.3 views

CVE-2026-41475 BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

8.7CVSS6.2AI score0.00482EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/04 5:58 p.m.13 views

CVE-2026-25532

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

6.3CVSS5.5AI score0.00213EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/02/04 5:58 p.m.33 views

CVE-2026-25532 ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

6.3CVSS0.00213EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/11 8:21 a.m.8 views

kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung

An out-of-bounds read vulnerability exists in the pppsynctxmunge function in the Linux kernel's PPP subsystem. Insufficient bounds checking on incoming PPP packets may lead to a kernel crash if a packet with an empty or truncated payload is processed...

7.1CVSS7.1AI score0.00166EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/28 3:30 a.m.5 views

kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung

An out-of-bounds read vulnerability exists in the pppsynctxmunge function in the Linux kernel's PPP subsystem. Insufficient bounds checking on incoming PPP packets may lead to a kernel crash if a packet with an empty or truncated payload is processed...

7.1CVSS6.9AI score0.00166EPSS
Exploits0References5
Rows per page
Query Builder