
1468 matches found

OSV
added 2026/03/25 11:16 a.m. | 6 views

UBUNTU-CVE-2026-23298

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop forever in ucan_read_bulk_callback, hanging the system. If the lengt...

CVSS 5.5 | AI score 5.7 | EPSS 0.00123
Exploits 0 | References 9
Cvelist
added 2026/03/25 10:26 a.m. | 21 views

CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop forever in ucan_read_bulk_callback, hanging the system. If the lengt...

EPSS 0.00123
Exploits 0 | References 8
Debian CVE
added 2026/03/25 10:26 a.m. | 6 views

CVE-2026-23298

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop forever in ucan_read_bulk_callback, hanging the system. If the lengt...

CVSS 5.5 | AI score 5.2 | EPSS 0.00123
Exploits 0
ATTACKERKB
added 2026/03/25 10:26 a.m. | 4 views

CVE-2026-23298

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop forever in ucan_read_bulk_callback, hanging the system. If the lengt...

AI score 5.6 | EPSS 0.00123
Exploits 0 | References 9 | Affected Software 1
CVE
added 2026/03/25 10:26 a.m. | 8 views

CVE-2026-23298

CVE-2026-23298 affects the Linux kernel can: ucan subsystem. A zero-length message on a broken ucan device causes an infinite loop in ucan_read_bulk_callback(), hanging the system. The issue is linked to a historical fix in the kvaser_usb driver (commit 0c73772cd2b8) addressing a similar infinite...

CVSS 5.5 | AI score 5.6 | EPSS 0.00123
Exploits 0 | References 8 | Affected Software 1
OSV
added 2026/03/25 10:26 a.m. | 10 views

CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop forever in ucan_read_bulk_callback, hanging the system. If the lengt...

CVSS 5.5 | AI score 5.7 | EPSS 0.00123
Exploits 0 | References 9
Microsoft CVE
added 2026/03/25 8:2 a.m. | 6 views

Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources

...

CVSS 9.1 | AI score 5.8 | EPSS 0.0042
Exploits 0
CNNVD
added 2026/03/25 12:0 a.m. | 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of zero-length messages. This vulnerability could lead to infinite loops and...

CVSS 5.5 | AI score 5.8 | EPSS 0.00123
Exploits 0 | References 7
Tenable Nessus
added 2026/03/25 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop...

CVSS 5.5 | AI score 5.7 | EPSS 0.00123
Exploits 0 | References 3
Hacker One
added 2026/03/20 7:14 a.m. | 10 views

curl: Function `do_pubkey()` can have out-of-bound read issue

Summary: A 1-byte out-of-bounds heap read in do_pubkey in lib/vtls/x509asn1.c. When parsing an RSA public key with a zero-length or all-zero modulus, the loop dereferences a pointer before checking bounds. Requires a non-OpenSSL TLS backend e.g., Mbed/Gnu. A certificate chain verification can trigg...

AI score 5.8
Exploits 0
Tenable Nessus
added 2026/03/20 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-4159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte...

CVSS 3.3 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 3
Snyk
added 2026/03/19 10:41 p.m. | 3 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the wc_PKCS7_DecodeEnvelopedData function when processing a crafted CMS EnvelopedData message containing zero-length encrypted content. An attacker can cause a 1-byte out-of-bounds heap read by supplying such a...

CVSS 3.3 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 2
NVD
added 2026/03/19 10:16 p.m. | 7 views

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS 3.3 | EPSS 0.00095
Exploits 0 | References 1
OSV
added 2026/03/19 10:16 p.m. | 5 views

DEBIAN-CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS 3.3 | AI score 5.3 | EPSS 0.00095
Exploits 0 | References 1
UbuntuCve
added 2026/03/19 10:16 p.m. | 5 views

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS 3.3 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 2
OSV
added 2026/03/19 10:16 p.m. | 5 views

UBUNTU-CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS 3.3 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 3
Vulnrichment
added 2026/03/19 9:17 p.m. | 3 views

CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS 2.1 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 1
Cvelist
added 2026/03/19 9:17 p.m. | 27 views

CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS 2.1 | EPSS 0.00095
Exploits 0 | References 1
CVE
added 2026/03/19 9:17 p.m. | 19 views

CVE-2026-4159

CVE-2026-4159: A 1-byte out-of-bounds heap read in wolfSSL’s wc_PKCS7_DecodeEnvelopedData can be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Affected software: wolfSSL 5.8.4 and earlier; root cause is a 1-byte OOB read during enveloped data decoding. Impac...

CVSS 3.3 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 1 | Affected Software 1
AlpineLinux
added 2026/03/19 9:17 p.m. | 6 views

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS 3.3 | AI score 5.2 | EPSS 0.00095
Exploits 0