Lucene search

13 matches found

Github Security Blog
added 2026/04/24 4:25 p.m. · 8 views

Zserio Runtime: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization

Summary: Unbounded Memory Allocation (all platforms). A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). Affected code, C++: cpp/runtime/src/zserio/Array.h line 1029 — m_rawArray.reserve(readLength) with uncheck...

7.5 CVSS · 5.6 AI score · 0.0006 EPSS
Exploits 1 · References 4 · Affected Software 1

Debian CVE
added 2025/08/19 5:3 p.m. · 7 views

CVE-2025-38585

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int(). When gmin_get_config_var() calls efi.get_variable() and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

7.8 CVSS · 6.6 AI score · 0.00025 EPSS
Exploits 0

NVD
added 2025/07/10 8:15 a.m. · 3 views

CVE-2025-38315

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable. Since the size of struct btintel_dsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

5.5 CVSS · 0.00027 EPSS
Exploits 0 · References 3

OSV
added 2025/01/21 12:15 p.m. · 0 views

UBUNTU-CVE-2024-57936

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request. Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causin...

5.5 CVSS · 6.4 AI score · 0.00035 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/12/04 12:0 a.m. · 2 views

PT-2025-3661 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue concerns the RDMA/bnxt_re component in the Linux kernel, where the maximum number of SGEs (Scatter-Gather Elements) for a Work Request is not properly handled. Specifically, Ge...

9.8 CVSS · 6.7 AI score · 0.02589 EPSS
Exploits 6 · References 1754

RedhatCVE
added 2024/04/17 4:58 p.m. · 24 views

CVE-2024-26818

In the Linux kernel, the following vulnerability has been resolved: tools/rtla: Fix clang warning about mount_point var size. clang is reporting this warning: $ make HOSTCC=clang CC=clang LLVM_IAS=1 ... clang -O -g -DVERSION="6.8.0-rc3" -flto=auto -fexceptions -fstack-protector-strong...

4.4 CVSS · 7.3 AI score · 0.00015 EPSS
Exploits 0 · References 4

CVE
added 2024/04/17 9:43 a.m. · 107 views

CVE-2024-26818

CVE-2024-26818 affects the Linux kernel (rtla/utils.c) where a fscanf call uses mount_point with a size of MAX_PATH but the format can write up to MAX_PATH+1, risking a buffer overflow. The connected Astra/Tencent/Tenable data confirms the root cause and documents the fix: increase the mount_poi...

5.5 CVSS · 6.8 AI score · 0.00015 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2024/04/17 9:43 a.m. · 21 views

CVE-2024-26818 tools/rtla: Fix clang warning about mount_point var size

In the Linux kernel, the following vulnerability has been resolved: tools/rtla: Fix clang warning about mount_point var size. clang is reporting this warning: $ make HOSTCC=clang CC=clang LLVM_IAS=1 ... clang -O -g -DVERSION="6.8.0-rc3" -flto=auto -fexceptions -fstack-protector-strong...

7 AI score · 0.00015 EPSS
Exploits 0 · References 3

Cvelist
added 2024/04/17 9:43 a.m. · 23 views

CVE-2024-26818 tools/rtla: Fix clang warning about mount_point var size

In the Linux kernel, the following vulnerability has been resolved: tools/rtla: Fix clang warning about mount_point var size. clang is reporting this warning: $ make HOSTCC=clang CC=clang LLVM_IAS=1 ... clang -O -g -DVERSION="6.8.0-rc3" -flto=auto -fexceptions -fstack-protector-strong...

6.8 AI score · 0.00015 EPSS
Exploits 0 · References 3

OSV
added 2023/11/02 5:26 p.m. · 2 views

CLSA-2023-1698946014 sqlite: Fix of CVE-2022-35737

CVE-2022-35737: increase the size of loop variables in the printf implementation...

7.5 CVSS · 7 AI score · 0.54845 EPSS
Exploits 2 · References 1

Code423n4
added 2023/09/11 12:0 a.m. · 16 views

"rights" stored in memory is overwriting the memory block storing "from" and 32 bytes memory is given to store 20 bytes long "contract_"

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Expected code should keccak over packed encoding of rights, from, to, contract, tokenId but as 'rights' values are overwriting 'from' values and 32 bytes memory block has been allocated to 'contract'...

7.3 AI score
Exploits 0

OSV
added 2017/06/19 4:29 p.m. · 0 views

UBUNTU-CVE-2017-9763

The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array...

7.5 CVSS · 6.7 AI score · 0.01357 EPSS
Exploits 0 · References 2

NVD
added 2003/06/30 4:0 a.m. · 15 views

CVE-2003-0400

Vignette StoryServer and Vignette V/5 do not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "--" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports...

5 CVSS · 6.5 AI score · 0.05107 EPSS
Exploits 1 · References 4