2 matches found
CVE-2026-11586
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...
Curl 8.16.0 < 8.21.0 WebSocket Auto-PONG Memory Exhaustion
The version of curl installed on the remote host is 8.16.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - Because curl lacks an upper bound on memory allocation for unacknowledged WebSocket frames, a malicious server can exhaust all available memory by floodin...