Lucene search
K

538 matches found

OSV
OSV
added 2026/05/19 7:25 p.m.7 views

GHSA-RF5Q-VWXW-GMRF Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder

Summary A worker-pinning denial of service in Bandit's HTTP/1 chunked transfer decoder. Any unauthenticated client that sends a Transfer-Encoding: chunked request whose body ends with a trailer field RFC 9112 §7.1.2 explicitly permits this causes the connection's worker process to spin forever in...

8.7CVSS5.9AI score0.00637EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.12 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.7AI score0.0064EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.11 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.7AI score0.0064EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:36 p.m.5 views

CVE-2026-39806

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

8.7CVSS5.8AI score0.00637EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/05/13 1:36 p.m.40 views

CVE-2026-39806 HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

8.7CVSS0.00637EPSS
Exploits1References4
CVE
CVE
added 2026/05/13 1:36 p.m.28 views

CVE-2026-39806

The CVE-2026-39806 issue affects Bandit (Elixir.Bandit.HTTP1.Socket) where do_read_chunked_data!/5 loops indefinitely when a chunked request includes trailer fields. The root cause is that RFC 9112 §7.1.2 allows trailers after the 0-length chunk, but the code exits only when the next line is imme...

8.7CVSS5.8AI score0.00637EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.19 views

PT-2026-44975

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.43.4 Description A flaw exists in the way the library handles chunked Transfer-Encoding. The read payload function in httplib.h uses std::strtoul to parse the chunk-size field. Because std::strtoul accepts leadi...

7.8CVSS5.8AI score0.00327EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/05/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-7790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 9:31 p.m.6 views

GHSA-32P9-57CR-4X65 cowlib cow_http_te module: Uncontrolled Resource Consumption vulnerability allows Excessive Allocation

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, so parsi...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References6
CVE
CVE
added 2026/05/11 6:6 p.m.19 views

CVE-2026-7790

CVE-2026-7790 : Uncontrolled resource consumption in ninenines cowlib (cow_http_te) allows CPU and memory DoS via HTTP/1.1 chunked transfer encoding. The chunk-size field accepts an unbounded number of hex digits, causing O(N^2) CPU work and O(N) memory for N digits; drip-fed input worsens this t...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/11 6:6 p.m.7 views

EEF-CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Summary Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, ...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 12:13 a.m.10 views

Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing

Summary Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Details io.netty.handler.codec.http.HttpObjectDecodergetChunkSize silently overflows int. The size is accumulated as follows: result = 16; result += digit; The result is checked only for negative values...

6.5CVSS5.9AI score0.00364EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/07 12:13 a.m.4 views

GHSA-M4CV-J2PX-7723 Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing

Summary Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Details io.netty.handler.codec.http.HttpObjectDecodergetChunkSize silently overflows int. The size is accumulated as follows: result = 16; result += digit; The result is checked only for negative values...

6.5CVSS5.9AI score0.00364EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38373

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Netty versions prior to 4.1.133.Final Description Netty's chunk size parser silently overflows an integer, which allows for request smuggling attacks. This occurs within the getChunkSize function of the...

6.5CVSS5.9AI score0.00364EPSS
Exploits1References394
RedHat Linux
RedHat Linux
added 2026/05/06 5:59 p.m.10 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS7.2AI score0.0064EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/05/06 12:36 p.m.12 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/04 11:37 p.m.8 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS7.2AI score0.0064EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2026/04/28 11:46 p.m.4 views

CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.3AI score0.00487EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.15 views

PT-2026-35863

Name of the Vulnerable Software and Affected Versions Starman versions prior to 0.4018 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request, whi...

7.5CVSS5.8AI score0.00487EPSS
Exploits0References19
OSV
OSV
added 2026/04/22 10:57 a.m.7 views

CLSA-2026-1776855452 libsoup: Fix of 2 CVEs

CVE-2026-1801: use CRLF as line boundary when parsing chunked encoding data to prevent HTTP request smuggling via lone LF - CVE-2026-2443: reject Range header ends exceeding content length to prevent out-of-bounds read in byte range handling...

6.5CVSS5.8AI score0.0043EPSS
Exploits0References1
Rows per page
Query Builder