CVE-2026-6473

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007252)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007252 advisory. In the Linux kernel, the following vulnerability has been resolved: net: cdcncm: Deal with too low values of dwNtbOutMaxSize Currently in cdcncmchecktxmax, if...

postgresql: libpq: libpq undersizes allocations, via integer wraparound

A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application...

postgresql: libpq: libpq undersizes allocations, via integer wraparound

A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application...

curl: Incorrect sizeof() in Rustls Backend Memory Allocation

Summary There's a bug in lib/vtls/rustls.c where malloc uses sizeofciphersuites instead of sizeofciphersuites. This allocates memory based on pointer size rather than element size. Steps To Reproduce 1. Look at lib/vtls/rustls.c line 530: c const struct rustlssupportedciphersuite ciphersuites =...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2025-29087)

In SQLite, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the result buffer, and thus malloc may...

CLSA-2025-1760966342 glibc: Fix of CVE-2025-0395

CVE-2025-0395: fix buffer underallocation in assert and libcfatal mmap handling...

CLSA-2025-1760542306 glibc: Fix of CVE-2025-0395

CVE-2025-0395: fix buffer underallocation in assert and libcfatal mmap handling...

CLSA-2025-1760460711 glibc: Fix of CVE-2025-0395

CVE-2025-0395: fix buffer underallocation in assert and libcfatal mmap handling...

CLSA-2025-1760373685 glibc: Fix of CVE-2025-0395

CVE-2025-0395: fix underallocation of abortmsgs struct that could lead to buffer overflow when printing assertion failures...

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

CVE-2025-4877 Libssh: write beyond bounds in binary to base64 conversion functions

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

Apache Commons FileUpload 安全漏洞

Apache Commons FileUpload is an Apache USA Foundation package that uploads files to Servlets and Web applications. A security vulnerability exists in Apache Commons FileUpload, which stems from an under-allocation of resources and could lead to a denial of service. The following versions are...

CVE-2020-11137

Integer multiplication overflow resulting in lower buffer size allocation than expected causes memory access out of bounds resulting in possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

UBUNTU-CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...

SUSE-SU-2025:20135-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282. Other fixes: - Fix underallocation of abortmsgs struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf bsc1233699...

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282. Other fixes: - Fix underallocation of abortmsgs struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf bsc1233699 Patch...

CLSA-2025-1740470259 Fix CVE(s): CVE-2025-0395

SECURITY UPDATE: insufficient space allocation in assert function leading to buffer overflow - debian/patches/any/CVE-2025-0395.patch: Fix underallocation of abortmsgs struct to store the length of the message string - CVE-2025-0395...

CLSA-2025-1740230107 Fix CVE(s): CVE-2025-0395

SECURITY UPDATE: insufficient space allocation in assert function leading to buffer overflow - debian/patches/any/CVE-2025-0395.patch: Fix underallocation of abortmsgs struct to store the length of the message string - CVE-2025-0395...