10 matches found
GHSA-RRX3-2X4G-MQ2H Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
Impact: In affected versions, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups (JavaScript, Mobile Apps). Patches: Patched in Bugsink 2.0...
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
Impact: In affected versions, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups (JavaScript, Mobile Apps). Patches: Patched in Bugsink 2.0...
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input
Impact: In affected versions, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the available memory and thus a Denial of Service...
CVE-2025-64509 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups (JavaScript...
CVE-2025-64509 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups (JavaScript...
CVE-2025-64509
Bugsink is affected by CVE-2025-64509. In versions prior to 2.0.6, sending a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time during decompression, leading to a Denial of Service when the DSN is known (common in JavaScript/mobile app deployments). The iss...
CVE-2025-64508 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...
CVE-2025-64508 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...
CVE-2025-64508
CVE-2025-64508 affects Bugsink, a self-hosted error-tracking tool. In versions prior to 2.0.5, specially crafted Brotli streams (brotli bombs) can cause memory exhaustion when the server decompresses input before applying limits, enabling a Denial of Service if the DSN is known. The issue is expl...
CVE-2025-64508 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...