CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdulen infinite loop l2capconfigreq processes CONFIGREQ for channels in BTCONNECTED state to support L2CAP reconfiguration e.g. MTU changes. However, since both CONFINPUTDONE and...

wolfSSL（CyaSSL） 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. WolfSSL CyaSSL versions 5.8.4 and earlier contain security vulnerabilities. These vulnerabilities stem from a 1-byte out-of-bounds hea...

AZL-79565 CVE-2025-69652 affecting package binutils 2.41-10

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...

AZL-79589 CVE-2025-69652 affecting package binutils 2.37-20

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...

CVE-2025-69652

CVE-2025-69652 concerns GNU Binutils up to 2.46, specifically the readelf component. A crafted ELF binary with malformed DWARF abbrev or debug information can trigger an abort (SIGABRT) due to incomplete state cleanup in process_debug_info(), allowing an invalid debug_info_p state to propagate in...

CVE-2025-67901

openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p-rem and p-len is not checked...

CVE-2025-67901

openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p-rem and p-len is not checked...

EUVD-2025-31823

A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /editcustomer.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

Linux Distros Unpatched Vulnerability : CVE-2025-39928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300i2cconfigxfer' to ensure the data length isn't...

EUVD-2013-0311

Malware in sbrugna...

CVE-2025-39928

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300i2cconfigxfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not...

SUSE CVE-2025-38694

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090prwonapb In dib7090prwonapb, msg is controlled by user. When msg0.buf is null and msg0.len is zero, former checks on msg0.buf would be passed. If accessing msg0.buf2...

CVE-2021-46935

In the Linux kernel, the following vulnerability has been resolved: binder: fix asyncfreespace accounting for empty parcels In 4.13, commit 74310e06be4d "android: binder: Move buffer out of area shared with user space" fixed a kernel structure visibility issue. As part of that patch, sizeofvoid w...

CVE-2023-46838

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translate...

SUSE CVE-2012-1667

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service daemon crash or data corruption or obta...

SUSE CVE-2013-0290

The skbrecvdatagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSGPEEK flag with zero-length data, which allows local users to cause a denial of service infinite loop and system hang via a crafted application...

Null pointer dereference

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data...

PT-2023-13303 · Unknown · Bluetooth Host

Name of the Vulnerable Software and Affected Versions: Bluetooth HOST affected versions not specified Description: The issue is related to a transient DOS caused by a null pointer dereference in the Bluetooth HOST. This occurs when the Bluetooth HOST receives an attribute protocol PDU with zero...

AZL-39466 CVE-2021-28361 affecting package ceph for versions less than 16.2.10-3

An issue was discovered in Storage Performance Development Kit SPDK before 20.01.01. If a PDU is sent to the iSCSI target with a zero length but data is expected, the iSCSI target can crash with a NULL pointer dereference...

php: use of uninitialized pointer in PharFileInfo::getContent

ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted 1 TAR, 2 ZIP, or 3 PHAR archive...