PatchSiren

BitWizard CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM BitWizard CVE published 2026-07-10

CVE-2026-14461

The mtr package is vulnerable to an out-of-bound read issue in the ipinfo_lookup() function. An attacker can influence the TXT response used for AS lookups to trigger this bug by returning a DNS response larger than 512 bytes with a crafted compression pointer in the answer NAME field. The ipinfo_lookup() function uses the response length as the end-of-message boundary for the dn_expand() function, result [truncated]