3 matches found
CVE-2026-21434 vulnerabilities
Vulnerabilities for packages: ipfs-cluster-fips, rke2-runtime, kubo, spegel-fips, ipfs-cluster, spegel, k3s...
Centrifugo v6.6.0 dependency vulnerabilities
Summary Centrifugo v6.6.0 binary is compiled with Go 1.25.5 and statically links github.com/quic-go/webtransport-go v0.9.0, having 7 known CVEs Go standard library — compiled with Go 1.25.5: | CVE | Severity | CVSS | Fixed In | |-----|----------|------|----------| | CVE-2025-68121 | CRITICAL | 10...
CVE-2026-21434 webtransport-go affected by Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule
webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation...