Threats Tagged 'cwe-670'

View all threats tagged with 'cwe-670'. Filter and sort to focus on specific types of threats.

CVE-2026-48844: CWE-670 Always-Incorrect Control Flow Implementation in Roundcube Webmail

CVE-2026-48844 is a high-severity vulnerability in Roundcube Webmail versions 1.6.x before 1.6.16 and 1.7.x before 1.7.1. It involves insecure code evaluation logic in the LDAP autovalues option, which could lead to code injection.

CVE-2026-41988: CWE-670 Always-Incorrect Control Flow Implementation in uuidjs uuid

The uuidjs library versions before 14.0.0 contain a vulnerability (CVE-2026-41988) where unexpected writes can occur when using external output buffers with UUID versions 3, 5, or 6. This issue does not affect the commonly used UUID version 4. The vulnerability is classified under CWE-670, indicating always-incorrect control flow implementation. The CVSS score is low (3.2), reflecting limited impact and complexity in exploitation. No known exploits are reported in the wild, and no official patch or remediation guidance is currently available from the vendor.

CVE-2026-35343: CWE-670: Always-Incorrect Control Flow Implementation in Uutils coreutils

The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited flag in the cut_fields_newline_char_delim function, causing the utility to print non-delimited lines that should have been suppressed. This can lead to unexpected data being passed to downstream scripts that rely on strict output filtering.

CVE-2026-41527: CWE-670 Always-Incorrect Control Flow Implementation in KDE Kleopatra

CVE-2026-41527 is a vulnerability in KDE Kleopatra versions before 26.08.0 on Windows. It involves an error in the KUniqueService mechanism that is intended to ensure only one instance of the application runs. Due to this flaw, local users can gain the privileges of a Kleopatra user. The vulnerability has a CVSS score of 6.9, indicating a medium severity level. No official patch or remediation guidance is currently provided by the vendor. There are no known exploits in the wild at this time.

CVE-2026-40942: CWE-670: Always-Incorrect Control Flow Implementation in datasharingframework dsf

CVE-2026-40942 affects the Data Sharing Framework (DSF) versions prior to 2.1.0. The vulnerability arises from incorrect time comparison logic in caching mechanisms for OIDC JWKS and Metadata Document as well as OIDC token cache. Specifically, inverted time comparisons cause the OIDC metadata and keys cache to never return cached values, resulting in unnecessary HTTP fetches, and the OIDC token cache to never invalidate, causing expired tokens to be reused. This issue is fixed in version 2.1.0.

CVE-2026-40396: CWE-670 Always-Incorrect Control Flow Implementation in varnish-software Varnish Cache

Varnish Cache version 9.0.0 contains a vulnerability that allows a denial of service via a workspace overflow leading to a daemon panic. This occurs when a malicious client sends an HTTP/1 request, waits for the session to release its worker thread (timeout_linger), and then resumes traffic before the session closes (timeout_idle), sending multiple requests simultaneously to trigger pipelining. The issue stems from incomplete handling of workspace rollback during pipelining, causing prefetched data to exceed workspace limits and crash the server.

CVE-2026-40394: CWE-670 Always-Incorrect Control Flow Implementation in varnish-software Varnish Cache

Varnish Cache versions prior to 9.0.1 and Varnish Enterprise before 6.0.16r11 contain a vulnerability that can cause a denial of service via a workspace overflow leading to a daemon panic. This occurs during the HTTP/2 session upgrade process when buffer allocation splits the original workspace, and certain amounts of prefetched data cause pipelining operations to exhaust the workspace. The vulnerability is identified as CWE-670, relating to always-incorrect control flow implementation.

CVE-2026-40200: CWE-670 Always-Incorrect Control Flow Implementation in musl-libc musl

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

CVE-2026-34946: CWE-670: Always-Incorrect Control Flow Implementation in bytecodealliance wasmtime

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture, and cause the host to panic. This represents a denial-of-service vulnerability in Wasmtime due to guests being able to trigger a panic. The specific issue is that a historical refactoring changed how compiled code referenced tables within the table.* instructions. The refactoring did not update the associated Winch code paths, so Winch was using the wrong indexing scheme. Because of Winch's feature support, the only problems that can result are tables being mixed up or nonexistent tables being used, so the guest is limited to panicking the host (using a nonexistent table) or executing spec-incorrect behavior and modifying the wrong table. This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.

CVE-2026-35414: CWE-670 Always-Incorrect Control Flow Implementation in OpenBSD OpenSSH

CVE-2026-35414 is a medium severity vulnerability in OpenSSH versions prior to 10.3. It involves an always-incorrect control flow implementation (CWE-670) related to the mishandling of the authorized_keys principals option in uncommon scenarios where a principals list is combined with a Certificate Authority that uses comma characters. This flaw may lead to limited confidentiality and integrity impacts but does not affect availability. There are no known exploits in the wild, and no official patch or vendor advisory is currently available.

Showing 1 to 10 of 19 results
