CLSA-2026-1779369352

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779369352

Upstream

Published

2026-05-21T13:15:57Z

Modified

2026-06-04T09:47:29.270479141Z

Summary

Fix CVE(s): CVE-2026-43618

Details

SECURITY UPDATE: integer overflow in compressed-token decoder
- debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and reject over-long simplerecv_token literal chunks to prevent remote memory disclosure via crafted compressed stream
- CVE-2026-43618

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-2.1ubuntu1.6+tuxcare.els6

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779369352.json"