16 matches found
CVE-2026-41285
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery ND option over a local network with length zero, because of an "ndoptlen 8 - 2" expression with no preceding check for whether ndoptlen is zero...
EUVD-2026-23996
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery ND option over a local network with length zero, because of an "ndoptlen 8 - 2" expression with no preceding check for whether ndoptlen is zero...
CVE-2026-41285
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery ND option over a local network with length zero, because of an "ndoptlen 8 - 2" expression with no preceding check for whether ndoptlen is zero...
EUVD-2026-16157
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
DEBIAN-CVE-2026-23397
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
CVE-2026-23397
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
CVE-2026-23397
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
CVE-2026-23397
CVE-2026-23397 affects the Linux kernel nfnetlink_osf fingerprint matching. The issue arises when parsing TCP option fingerprints: add-time checks for option lengths are insufficient, allowing a zero-length option to bypass bounds checks and potentially trigger a fault in nf_osf_match_one() (kern...
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
PT-2026-28330
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the nfnetlink osf module related to the validation of option lengths in network packet fingerprints. Specifically, the nfnl osf add callback...
EUVD-2019-6639
Malware in sbrugna...
SUSE CVE-2020-24337
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcpparseoptions in picotcp.c...
CVE-2019-15702
In the TCP implementation gnrctcp in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transportlayer/tcp/gnrctcpoption.c has an infinite loop for an unknown zero-length option...
RedHat Linux 7.0 - Roaring Penguin PPPoE Denial of Service
RedHat Linux 7.0 - Roaring Penguin PPPoE Denial of Service source: https://www.securityfocus.com/bid/2098/info Roaring Penguin Software's PPPoE is a freeware PPP over Ethernet client often used by ADSL subscribers running Linux or NetBSD. PPPoE contains a possibly remotely exploitable denial of...
PT-1997-1090 · Hewlett Packard · Ascend +1
Name of the Vulnerable Software and Affected Versions: Ascend and 3com routers affected versions not specified Description: The issue allows for a denial of service in affected routers, which can be rebooted by sending a zero length TCP option. Recommendations: At the moment, there is no...