Lucene search
K

16 matches found

OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5077 Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding in github.com/xddxdd/bird-lg-go

Bird-lg-go has a Fatal Out-of-Memory OOM Denial of Service via Unbounded JSON Decoding in github.com/xddxdd/bird-lg-go...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 4:37 p.m.45 views

CVE-2026-45047 bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS0.00441EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:37 p.m.10 views

CVE-2026-45047 bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:37 p.m.17 views

CVE-2026-45047

The CVE affects the Go project bird-lg-go. Before version 1.4.5, apiHandler (and webHandlerTelegramBot) directly decode user-provided JSON via json.NewDecoder(r.Body).Decode(&request) without a maximum read size, enabling an unauthenticated attacker to stream a very large or endless JSON payload ...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:37 p.m.10 views

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Bird-lg-go 资源管理错误漏洞

Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Versions of Bird-lg-go prior to 1.4.5 contained a resource management vulnerability. This vulnerability stemmed from the apiHandler not limiting the maximum read size when processing the JSON payload provided by users. As a result,...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.17 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References1
NVD
NVD
added 2026/03/04 4:16 p.m.13 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS0.00388EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 12:0 a.m.4 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/04 12:0 a.m.4 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

6.1AI score0.00388EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

Bird-lg-go 安全漏洞

Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Previous versions of bird-lg-go, including 6187a4e, contained security vulnerabilities. These vulnerabilities stemmed from the traceroute module’s use of shlex.Split to parse user input without proper validation. This could allow remot...

7.5CVSS6AI score0.00388EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/03/04 12:0 a.m.4 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References2
OSV
OSV
added 2026/03/04 12:0 a.m.6 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS5.9AI score0.00388EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/04 12:0 a.m.32 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

0.00388EPSS
Exploits1References2
CVE
CVE
added 2026/03/04 12:0 a.m.44 views

CVE-2026-26514

CVE-2026-26514 affects bird-lg-go prior to commit 6187a4e3afce6d8c29568f8c72ca497d1f5a2b56. The traceroute module parses user input with shlex.Split without validation, enabling an attacker to inject arbitrary flags (e.g., -w, -q) via the q parameter. This can lead to Denial of Service (DoS) by e...

7.5CVSS6.1AI score0.00388EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.10 views

PT-2026-22928

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

6.1AI score0.00388EPSS
Exploits1References2
Rows per page
Query Builder