Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: ACPI: custommethod – fixed a potential use-after-free issue. In the cmwrite function, the buffer is always freed when it reaches the end of the function. If the requested count is less than table.length, the allocated buffer will...

Astra Linux - уязвимость в ntfs-3g

In NTFS-3G versions 2021.8.22, when specially crafted NTFS attributes are read in the function ntfsattrpreadi, a heap buffer overflow can occur, allowing for writing to arbitrary memory or causing denial of service for the application...

Astra Linux - уязвимость в chromium

Before version 91.0.4472.77, TabStrip in Google Chrome allowed an attacker who convinced a user to install a malicious extension to perform an out-of-bounds memory write through a crafted HTML page...

Astra Linux - уязвимость в openexr

A flaw was discovered in the function dataWindowForTile of the IlmImf/ImfTiledMisc.cpp file. An attacker who can submit a crafted file for processing with OpenEXR could trigger an integer overflow, resulting in an out-of-bounds write operation on the heap. The most significant impact of this flaw...

Astra Linux - уязвимость в linux, linux-5.10

A use-after-free flaw was discovered in the Linux kernel’s FUSE filesystem, where a user triggers the write function. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation...

Astra Linux - уязвимость в linux

A memory-bound write flaw 1 or 2 bytes of memory was identified in the Linux kernel’s NFS subsystem, related to the way users use mirroring replication of files via NFS. A user with access to the NFS mount could potentially exploit this flaw to crash the system or escalate privileges on the syste...

Astra Linux - уязвимость в musl

In musl libc through 1.2.1, wcsnrtombs mishandles certain combinations of destination buffer size and source character limit, as demonstrated by an invalid write access buffer overflow...

Astra Linux - уязвимость в chromium

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в ghostscript

A buffer overflow vulnerability was discovered in base/gdevdevn.c:1973 within devnpcxwriterle in ghostscript. This issue may allow a local attacker to cause a denial of service by generating a malicious PDF file for a DEVN device using gs...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in the extractContigSamplesShifted24bits function in tools/tiffcrop.c:3604. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIFF file. For users who compile LibTIFF from source code, the fix is...

Astra Linux - уязвимость в chromium

Before version 96.0.4664.93, using WebRTC in Google Chrome allowed a remote attacker to potentially exploit heap corruption through crafted WebRTC packets...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tty: xilinxuartps: split sysrq handling The lockdep tool detected the following circular locking dependencies: CPU 0 | CPU 1 ============= | ============== cdnsuartisr | printk uartportlockport | consolelock cdnsuartconsolewrite ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

Incorrect verifier pruning in the BPF module of the Linux kernel version 5.4 and above leads to unsafe code paths being incorrectly marked as safe. This results in arbitrary read/writes to kernel memory, lateral privilege escalation, and container escapes...

Astra Linux - уязвимость в dnsmasq

A single-byte, non-arbitrary write/use-after-free flaw was discovered in dnsmasq. This flaw allows an attacker to send a crafted packet processed by dnsmasq, potentially causing a denial of service...

Astra Linux - уязвимость в vim

Out-of-bounds write in the GitHub repository for Vim/Vim before version 8.2...

Astra Linux - уязвимость в elfutils

The libcpu component, which is used by libasm of elftools version 0.177 git 47780c9e, suffers from denial-of-service vulnerabilities caused by application crashes due to out-of-bounds write CWE-787, off-by-one errors CWE-193, and reachable assertions CWE-617. To exploit these vulnerabilities,...

Astra Linux - уязвимость в dcmtk

There is an improper array index validation vulnerability in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в dcmtk

There is an improper array index validation vulnerability in the nowindow functionality of OFFIS DCMT 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в apache2

The out-of-bounds write vulnerability in the modsed module of the Apache HTTP Server allows an attacker to overwrite heap memory with data provided by the attacker. This issue affects Apache HTTP Server version 2.4.2.52 and earlier versions...

Astra Linux - уязвимость в chromium

In Google Chrome on Linux and ChromeOS before version 92.0.4515.107, an attacker who convinced a user to install a malicious extension could perform an out-of-bounds memory write by using a crafted HTML page. This vulnerability allowed the attacker to execute such an operation...