1449 matches found
Unity Linux 20.1070e Security Update: festival (UTSA-2026-016710)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016710 advisory. festivalserver in Centre for Speech Technology Research CSTR Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LDLIBRARYPATH,...
Exploit for Untrusted Pointer Dereference in Microsoft
CVE-2026-40369: Defensive Analysis of the 12-Byte Windows Kern...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fixed the direction of 0-length ioctl control messages The syzbot fuzzer identified a issue with the usbtmc driver: When a user sends an ioctl with a 0-length control transfer, the driver does not check whether the...
Astra Linux - уязвимость в opensc
A flaw was discovered in OpenSC packages that could allow for a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, especially for OS...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauthgss: Avoid NULL dereferencing on a zero-length gsstoken in gssreadproxyverf A zero-length gsstoken results in pageaddress being == 0, and intoken-pages0 being NULL. The code pageaddressintoken-pages0, which can lea...
Astra Linux - уязвимость в linux-5.15, linux-6.1
A flaw was discovered in vringhkiovadvance in drivers/vhost/vringh.c, located in the host side of a virtio ring within the Linux Kernel. This issue may lead to a denial of service from the guest to the host through zero-length descriptors...
dnsmasq: NSEC bitmap parsing infinite loop
A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...
dnsmasq: NSEC bitmap parsing infinite loop
A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...
libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()
A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...
libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()
A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...
EUVD-2025-209887
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x0...
CVE-2025-56352
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x0...
CVE-2025-56352
CVE-2025-56352 affects the tinyMQTT broker. When processing a CONNECT packet with a zero-length Client ID and CleanSession=0, the broker returns CONNACK 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection, leaving the socket open. Repeated invalid CONNECT attempts can exha...
CLSA-2026-1778944149 libsoup: Fix of CVE-2026-2369
CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...
CLSA-2026-1778894153 libarchive: Fix of CVE-2025-60753
CVE-2025-60753: denial of service in bsdtar -s substitution when the regular expression matches a zero-length string, causing an infinite loop in applysubstitution...
CLSA-2026-1778893359 libarchive: Fix of CVE-2025-60753
CVE-2025-60753: denial of service in bsdtar -s substitution when the regular expression matches a zero-length string, causing an infinite loop in applysubstitution...
CVE-2026-44699
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...
CVE-2026-44699
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...
CLSA-2026-1778772686 libsoup: Fix of CVE-2026-2369
CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...
CLSA-2026-1778662869 libsoup: Fix of CVE-2026-2369
CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...