Zserio Runtime: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization

Summary Unbounded Memory Allocation all platforms A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error Denial of Service. Affected code C++: - cpp/runtime/src/zserio/Array.h line 1029 — mrawArray.reservereadLength with uncheck...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

golang: cmd/compile: possible memory corruption after bound check elimination

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially...

Duplicate Advisory: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and...

EUVD-2026-25315

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...

CVE-2026-41336

OpenClaw prior to 2026.3.31 is vulnerable: workspace .env files can override OPENCLAW_BUNDLED_HOOKS_DIR, allowing attacker-controlled hooks to be loaded and arbitrary code executed. The impact is high (local attack, attacker-controlled code, potential concealment of changes) as described in CVE-2...

CVE-2026-41332

OpenClaw before 2026.3.28 is vulnerable to a code execution path via an incomplete host-env blocklist: GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked. Exploitation can occur through approved exec requests that cause git or AWS CLI to behave based on attacker-controlled configuration files, ...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

USN-8202-1 jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

PT-2026-34763

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT TEMPLATE DIR and AWS CONFIG FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration...

GHSA-2CXP-XQ3C-MJXX uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

CVE-2026-35342

CVE-2026-35342 affects the mktemp utility in the uutils coreutils project. The issue arises because the implementation does not treat an empty TMPDIR as a fallback to /tmp (unlike GNU mktemp); instead, it treats an empty string as a valid path, causing temporary files to be created in the current...

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...