PatchDay Alert
Daily Digest · 2 min read · 5 CVEs · Issue 33 By PatchDay Alert

SolarWinds Serv-U DoS exploited in the wild, plus a one-packet Comodo BSOD

CVE-2026-28318 lets unauthenticated attackers crash Serv-U with a single POST request, and attackers are already doing it. Also: a crafted IPv6 packet blue-screens any Windows host running Comodo Internet Security, a Go MIME parsing CPU bomb, and FRRouting BGP crash bugs.

Patch now: 1 · Within 24h: 1 · This week: 3 · Exploited: 1

SolarWinds Serv-U · Windows · Comodo Internet Security · Go · Azure Linux · Linux · Perl · HTML::Parser · FRRouting · Network Appliance

Heads up: attackers are actively crashing SolarWinds Serv-U file transfer servers with a single unauthenticated HTTP request (CVE-2026-28318, CVSS 7.5). If you run Serv-U, patch it before your morning coffee. The rest of the day is 4 more CVSS 7.5 denial-of-service bugs across Comodo, Go, Perl, and FRRouting, none exploited yet, but the Comodo kernel crash from a single IPv6 packet deserves a look too.


Today's CVEs

Sorted by urgency

02

CVE-2026-49494

NVD · CVSS 7.5 · Patch within 24h · HIGH
Comodo Internet Security · Windows

A single crafted IPv6 packet can blue-screen any Windows machine running Comodo Internet Security, even if all ports are blocked. The firewall's kernel driver (Inspect.sys) botches the math on IPv6 extension header lengths, causing an integer underflow that leads to an out-of-bounds read or oversized memory copy at kernel level. No authentication, no open ports, no user interaction required: if the host receives the packet, it crashes.

Included because: unauthenticated; no user interaction; kernel-level crash; firewall bypass; network-reachable
Affected estate: Windows systems with Comodo Internet Security installed and Inspect.sys loaded as a firewall driver.
How to check: Check for the presence of Inspect.sys in the drivers directory, or run 'driverquery | findstr Inspect' to confirm the driver is loaded. Verify the Comodo version in the CIS About dialog or via your endpoint inventory tool.
Action: Apply the latest Comodo Internet Security update. If unavailable, disable IPv6 on affected hosts or block malformed IPv6 at a perimeter device.
Urgency: Patch within 24 hours
Why it matters: A single unauthenticated packet causes a kernel crash (BSOD), bypassing all firewall rules because the parsing happens before rule enforcement.
Source: NVD
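
To illustrate the bug class described for CVE-2026-49494, here is an added example (not Comodo's code and not taken from the advisory) of an IPv6 extension-header walk that checks each header length against the bytes remaining before it advances. The function name, the 16-header cap and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hop-by-Hop (0), Routing (43) and Destination Options (60) carry a
 * Hdr Ext Len byte: length in 8-octet units, not counting the first 8. */
static int has_len_byte(uint8_t nh) {
    return nh == 0 || nh == 43 || nh == 60;
}

/* Walk the extension headers that follow the 40-byte fixed IPv6 header.
 * buf/len: bytes after the fixed header; first_nh: its Next Header value.
 * Returns the payload offset and sets *proto, or -1 on a malformed chain.
 * (Hypothetical helper; the 16-header cap is an assumed policy.) */
long ipv6_walk_ext(const uint8_t *buf, size_t len, uint8_t first_nh,
                   uint8_t *proto) {
    size_t off = 0;               /* invariant: off <= len */
    uint8_t nh = first_nh;
    int count = 0;

    while (has_len_byte(nh) || nh == 44) {      /* 44 = Fragment, fixed 8 */
        if (++count > 16) return -1;
        if (len - off < 8) return -1;           /* cannot wrap: off <= len */
        size_t hdr_len = (nh == 44) ? 8 : ((size_t)buf[off + 1] + 1) * 8;
        /* Compare against what is left. Computing "len - off - hdr_len"
         * first would wrap to a huge unsigned value when hdr_len is larger
         * than the remaining bytes, and any later read or copy sized by it
         * runs out of bounds. */
        if (hdr_len > len - off) return -1;
        nh = buf[off];
        off += hdr_len;
    }
    *proto = nh;
    return (long)off;
}

/* Constructed samples, not captured traffic. */
static const uint8_t ok_chain[]  = { 6, 0, 1, 4, 0, 0, 0, 0 };  /* 8 bytes -> TCP */
static const uint8_t bad_chain[] = { 6, 3, 1, 4, 0, 0, 0, 0 };  /* claims 32 bytes */

int main(void) {
    uint8_t proto = 0;
    printf("ok  -> %ld\n", ipv6_walk_ext(ok_chain, sizeof ok_chain, 60, &proto));
    printf("bad -> %ld\n", ipv6_walk_ext(bad_chain, sizeof bad_chain, 60, &proto));
    return 0;
}
```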


03

CVE-2026-42504

MSRC · CVSS 7.5 · EPSS 0.04% · Patch this week · HIGH
Go · Azure Linux · Linux

A bug in Go's mime package lets an attacker trigger quadratic CPU consumption by sending a specially crafted MIME header. Any Go service that parses email-style MIME headers (or anything using WordDecoder.DecodeHeader) could get pinned at high CPU, causing a denial of service. The EPSS score is very low (0.0004), so real-world exploitation is unlikely right now, but it's an easy fix.

Included because: denial of service; common runtime (Go); low exploit probability
Affected estate: Azure Linux 3.0 packages: golang 1.25.10-1, golang 1.26.3-1, gcc 13.2.0-7, python-tensorboard 2.16.2-6, tensorflow 2.16.1-11. Any Go application using the mime package's WordDecoder.DecodeHeader.
How to check: Run 'go version' on your build hosts and check package versions with 'tdnf list installed | grep -E "golang|gcc|tensorflow|tensorboard"' on Azure Linux 3.0.
Action: Update affected packages via tdnf or your package manager. Rebuild Go applications against the patched Go runtime.
Urgency: Patch this week
Why it matters: A crafted MIME header can pin CPU and stall any Go service that processes email-like input.
Source: NVD


04

CVE-2026-8829

MSRC · CVSS 7.5 · EPSS 0.03% · Patch this week · HIGH
Perl · HTML::Parser · Azure Linux · Linux

The Perl HTML::Entities module before version 3.84 reads freed heap memory when decoding HTML entities. This is a use-after-free bug that could lead to crashes or, in theory, information leaks in any Perl application that processes untrusted HTML. Exploitation probability is very low (EPSS 0.0003).

Included because: use-after-free; common library; processes untrusted input
Affected estate: Systems running perl-HTML-Parser before 3.84. On Azure Linux 3.0, the affected package is perl-HTML-Parser 3.82-1.
How to check: Run "perl -MHTML::Entities -e 'print $HTML::Entities::VERSION'" or check your package manager: 'tdnf list installed | grep perl-HTML-Parser'.
Action: Update perl-HTML-Parser to 3.84 or later via your package manager.
Urgency: Patch this week
Why it matters: Use-after-free in a widely used Perl HTML parsing library could crash services or leak memory contents when processing untrusted input.
Source: NVD


05

CVE-2026-37460

MSRC · CVSS 7.5 · EPSS 0.04% · Patch this week · HIGH
FRRouting · Azure Linux · Linux · Network Appliance

A crafted BGP UPDATE message can crash FRRouting (FRR) versions 10.0 through 10.6 due to missing input validation in the RFAPI RIB code. If you peer with untrusted BGP neighbors or run FRR on internet-facing routers, an attacker can take down your routing daemon. Exploitation requires the ability to send BGP UPDATEs to an affected peer.

Included because: denial of service; routing infrastructure; crafted BGP input
Affected estate: FRRouting installations from stable/10.0 through stable/10.6. Azure Linux 3.0 package frr 10.5.4-1 is confirmed affected.
How to check: Run 'vtysh -c "show version"' or 'frr --version' to confirm the installed FRR version. On Azure Linux: 'tdnf list installed | grep frr'.
Action: Update FRR to the latest patched release via your package manager or from source. Restrict BGP peering to trusted neighbors.
Urgency: Patch this week
Why it matters: A single malicious BGP UPDATE can crash your routing daemon, causing network outages for everything behind that router.
Source: NVD


