Lucene search
+L

10 matches found

redhat
redhat
added 2026/04/14 7:23 a.m.6 views

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS7.1AI score0.00488EPSS
Exploits0References7
susecve
susecve
added 2026/04/11 9:27 a.m.7 views

SUSE CVE-2026-1528

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS7.1AI score0.00488EPSS
Exploits0References8
redhat
redhat
added 2026/04/08 6:17 p.m.12 views

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS6AI score0.00488EPSS
Exploits0References7
euvd
euvd
added 2026/03/13 8:7 p.m.3 views

EUVD-2026-11703

Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/03/12 10:23 p.m.6 views

CVE-2026-1528

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS5.7AI score0.00488EPSS
Exploits0References6
osv
osv
added 2026/03/12 9:16 p.m.3 views

DEBIAN-CVE-2026-1528

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS7.5AI score0.00488EPSS
Exploits0References1
nvd
nvd
added 2026/03/12 9:16 p.m.4 views

CVE-2026-1528

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS0.00488EPSS
Exploits0References21
debiancve
debiancve
added 2026/03/12 8:21 p.m.8 views

CVE-2026-1528

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS7.5AI score0.00488EPSS
Exploits0
osv
osv
added 2026/03/12 8:21 p.m.7 views

CVE-2026-1528 undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS7AI score0.00488EPSS
Exploits0References24
ptsecurity
ptsecurity
added 2026/03/12 12:0 a.m.8 views

PT-2026-25075

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.24.0 undici versions prior to 6.24.0 Description A server can respond with a WebSocket frame utilizing the 64-bit length format and an excessively large length value. The ByteParser component within undici experience...

7.5CVSS6.8AI score0.00488EPSS
Exploits0References223
Rows per page
Query Builder