36 matches found
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bounds read in the symlinkdata function within smb/client. This vulnerability arises because...
Astra Linux - уязвимость в gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been discovered in the qtdemuxparsecontainer function within qtdemux.c. In the parent function qtdemuxparsenode, the value of length is not properly checked. As a result, if length is large...
ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...
rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer
The FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut u8 that was handed to the closure. This can lead to...
CVE-2026-40892 PJSIP: Stack buffer overflow in pjsip_auth_create_digest2()
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsipauthcreatedigest2 in PJSIP when using pre-computed digest credentials PJSIPCREDDATADIGEST. The function copies credential data using credinfo-data.slen as the...
PT-2026-29124
Name of the Vulnerable Software and Affected Versions Botan versions 2.3.0 through 3.10.9 Description Botan is a C++ cryptography library. During SM2 decryption, the code that checks the authentication code value C3 does not verify the encoded value's length before comparison. This can lead to a...
EUVD-2020-24885
Malware in sbrugna...
CVE-2009-10006 UFO: Alien Invasion <= 2.2.1 IRC Client Buffer Overflow
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply specifically a 001 message, the application fails to properly validate the length of...
CVE-2021-21814
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char passed in by the user, no checks are done to see if the passed in char is longer th...
CVE-2024-33051
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length...
Silicon Labs RS9116 安全漏洞
The Silicon Labs RS9116 is a family of SoCs and modules from Silicon Labs, Inc. that provide comprehensive 2.4/5 GHz Wi-Fi and dual-mode Bluetooth 5 wireless connectivity. A security vulnerability exists in the Silicon Labs RS9116 that originates from an unchecked buffer length that allows a buff...
DEBIAN-CVE-2024-47543
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemuxparsecontainer function within qtdemux.c. In the parent function qtdemuxparsenode, the value of length is not well checked. So, if length is big enough, it causes t...
UBUNTU-CVE-2024-47774
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstavisubtitleparsegab2chunk function within gstavisubtitle.c. The function reads the namelength value directly from the input file without checking it properly. Then,...
PT-2024-6046 · Frrouting +5 · Frrouting +5
Name of the Vulnerable Software and Affected Versions: FRRouting versions through 10.1 Description: An issue was discovered in the bgp attr encap function in the bgpd/bgp attr.c file, which does not check the actual remaining stream length before taking the TLV value. This can allow a remote...
PT-2024-38397 · Trimble · Trimble Sketchup
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this issue, where the target mus...
SUSE CVE-2022-48632
In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbfi2csmbusstarttransaction memcpy is called in a loop while 'operation-length' upper bound is not checked and 'dataidx' also increments...
CVE-2024-22004 Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application...
Stack-based Buffer Overflow
libzephyr.so is vulnerable to a Buffer Overflow. The vulnerability is due to an unchecked length coming from user input in settings shell, specifically during the handling of SETTINGSVALUESTRING type values, which can result in copying data of a length greater than the buffer size allocated for...
CVE-2023-6749
Unchecked length coming from user input in settings shell...
CVE-2023-6749 Unchecked user input length in the Zephyr Settings Shell
Unchecked length coming from user input in settings shell...