27 matches found
Astra Linux – Vulnerability in Puma
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies, allowing HTTP request smuggling. The fixed versions limit the size of chunk extensions. Without this limitation, an...
PT-2026-49256
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry count == 0 creating no chunks while still passing validation...
CVE-2026-7790
Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, so parsi...
CVE-2026-7790
Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, so parsi...
SUSE CVE-2026-3945
An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...
AZL-76736 CVE-2026-1801 affecting package libsoup 3.0.4-12
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline LF characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...
TencentOS Server 3: go-toolset:rhel8 (TSSA-2025:0457)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0457 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...
SUSE SLES15 Security Update : rubygem-puma (SUSE-SU-2025:03466-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03466-1 advisory. Update to version 5.6.9. - CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2025:03057-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03057-1 advisory. - CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section bsc1246517...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling through the processing of chunked encoded requests in parseheader function. An attacker can manipulate request boundaries by injecting conflicting Content-Length or Transfer-Encoding headers via trailers which can...
OESA-2025-1497 python-h11 security update
h11 is suitable for implementing both servers and clients, and has a pleasantly symmetric API: the events you send as a client are exactly the ones that you receive as a server and vice-versa. Security Fixes: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's...
Puma Environmental Issues Vulnerability
Puma is a web server for highly concurrent applications from the US-based individual developer Evan Phoenix. An environmental issue vulnerability exists in versions prior to Puma 6.4.2, which stems from a security flaw in puma's parsing of chunked transfer encoders, which allows HTTP requests to ...
SUSE CVE-2015-3183
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...
SUSE CVE-2017-13090
The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
llhttp: HTTP Request Smuggling when parsing the body of chunked requests
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
llhttp: HTTP Request Smuggling when parsing the body of chunked requests
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
llhttp: HTTP Request Smuggling when parsing the body of chunked requests
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
llhttp: HTTP Request Smuggling when parsing the body of chunked requests
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...