16 matches found

OSV
added 2026/04/27 6:33 p.m. · 0 views

JLSEC-2026-232 openssl-src contains Double free after calling `PEM_read_bio_ex`

The function PEM_read_bio_ex reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

CVSS 7.5 · AI score 7.4 · EPSS 0.00147
Exploits: 0 · References: 8
Debian CVE
added 2025/08/19 5:3 p.m. · 3 views

CVE-2025-38611

Removed by vendor...

AI score 8.7
Exploits: 0
Tenable Nessus
added 2025/08/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-11683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memo...

CVSS 10 · AI score 7.3 · EPSS 0.1003
Exploits: 0 · References: 2
Cvelist
added 2024/08/17 9:21 a.m. · 19 views

CVE-2024-43815 crypto: mxs-dcp - Ensure payload is zero when using key slot

In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot. We could leak stack memory through the payload field when running AES with a key from one of the hardware's key slots. Fix this by ensuring the payload field is set to ...

EPSS 0.00017
Exploits: 0 · References: 2
SUSE CVE
added 2024/05/21 1:59 a.m. · 1 views

SUSE CVE-2024-35915

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet. syzbot reported the following uninit-value access issue [1][2]: nci_rx_work parses and processes received packet. When the payload length is zero, each message type handler reads...

CVSS 5.5 · AI score 6.3 · EPSS 0.00023
Exploits: 0 · References: 19
RedHat Linux
added 2023/06/05 2:16 p.m. · 2 views

openssl: double free after calling PEM_read_bio_ex

A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex reads a PEM file from a BIO and parses and decodes the "name" (for example, "CERTIFICATE"), any header data, and the payload data. If the function succeeds, then the "name_out," "header," and "data"...

CVSS 7.5 · AI score 6.6 · EPSS 0.00147
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/31 6:42 p.m. · 1 views

openssl: double free after calling PEM_read_bio_ex

A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex reads a PEM file from a BIO and parses and decodes the "name" (for example, "CERTIFICATE"), any header data, and the payload data. If the function succeeds, then the "name_out," "header," and "data"...

CVSS 7.5 · AI score 6.6 · EPSS 0.00147
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/16 8:49 a.m. · 0 views

openssl: double free after calling PEM_read_bio_ex

A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex reads a PEM file from a BIO and parses and decodes the "name" (for example, "CERTIFICATE"), any header data, and the payload data. If the function succeeds, then the "name_out," "header," and "data"...

CVSS 7.5 · AI score 6.6 · EPSS 0.00147
Exploits: 0 · References: 5
SUSE CVE
added 2023/02/15 6:1 a.m. · 1 views

SUSE CVE-2009-4138

drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet tha...

CVSS 4.7 · AI score 6.7 · EPSS 0.00081
Exploits: 1 · References: 6
SUSE CVE
added 2023/02/15 4:12 a.m. · 1 views

SUSE CVE-2019-11683

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka t...

CVSS 10 · AI score 7.7 · EPSS 0.1003
Exploits: 0 · References: 3
OSV
added 2023/02/07 12:0 a.m. · 0 views

UBUNTU-CVE-2022-4450

The function PEM_read_bio_ex reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

CVSS 7.5 · AI score 7 · EPSS 0.00147
Exploits: 0 · References: 6
Positive Technologies
added 2021/12/08 12:0 a.m. · 1 views

PT-2021-7737

Name of the Vulnerable Software and Affected Versions: OpenSSL affected versions not specified Description: The function PEM_read_bio_ex reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the name_out...

CVSS 10 · AI score 7 · EPSS 0.91789
Exploits: 9 · References: 348
CNNVD
added 2021/11/18 12:0 a.m. · 2 views

Hyperledger Fabric Code Issue Vulnerability

Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A code issue vulnerability exists in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0, which can be exploited by an attacker by constructing a message with a payload of zero and...

CVSS 7.5 · AI score 7.5 · EPSS 0.00545
Exploits: 1 · References: 3
OSV
added 2019/05/02 5:29 p.m. · 2 views

CVE-2019-11683

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka t...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 10
OSV
added 2019/05/02 12:0 a.m. · 1 views

UBUNTU-CVE-2019-11683

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka t...

CVSS 9.8 · AI score 7 · EPSS 0.1003
Exploits: 0 · References: 6
Positive Technologies
added 2019/05/02 12:0 a.m. · 2 views

PT-2019-12479 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.0.13 Description: The issue allows remote attackers to cause a denial of service or possibly have other impacts via UDP packets with a 0 payload, due to mishandling of padded packets. This is related to the ud...

CVSS 10 · AI score 7.8 · EPSS 0.1003
Exploits: 8 · References: 75