27 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in Puma

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies, allowing HTTP request smuggling. The fixed versions limit the size of chunk extensions. Without this limitation, an...

CVSS 7.5 | AI score 6.1 | EPSS 0.00958
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/05 12:00 a.m. | 7 views

PT-2026-49256

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry count == 0 creating no chunks while still passing validation...

CVSS 6.5 | AI score 5.4
Exploits: 0 | References: 3
NVD
added 2026/05/11 7:16 p.m. | 15 views

CVE-2026-7790

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, so parsi...

CVSS 8.7 | EPSS 0.00431
Exploits: 0 | References: 3
Debian CVE
added 2026/05/11 6:06 p.m. | 8 views

CVE-2026-7790

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, so parsi...

CVSS 8.7 | AI score 5.9 | EPSS 0.00431
Exploits: 0
SUSE CVE
added 2026/03/31 8:38 a.m. | 4 views

SUSE CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7 | AI score 6 | EPSS 0.00598
Exploits: 0 | References: 3
OSV
added 2026/02/03 9:16 p.m. | 5 views

AZL-76736 CVE-2026-1801 affecting package libsoup 3.0.4-12

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required...

CVSS 6.5 | AI score 7.1 | EPSS 0.00376
Exploits: 0 | References: 1
RedHat Linux
added 2025/12/16 11:13 p.m. | 3 views

netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...

CVSS 7.5 | AI score 7.1 | EPSS 0.00631
Exploits: 1 | References: 11
Tenable Nessus
added 2025/11/20 12:00 a.m. | 11 views

TencentOS Server 3: go-toolset:rhel8 (TSSA-2025:0457)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0457 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 9.1 | AI score 7 | EPSS 0.00724
Exploits: 0 | References: 2
Snyk
added 2025/10/14 8:32 p.m. | 3 views

HTTP Request Smuggling

Overview: Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...

CVSS 9.9 | AI score 9.2 | EPSS 0.66258
Exploits: 5 | References: 2
Tenable Nessus
added 2025/10/08 12:00 a.m. | 1 view

SUSE SLES15 Security Update : rubygem-puma (SUSE-SU-2025:03466-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03466-1 advisory. Update to version 5.6.9. - CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to...

CVSS 9.8 | AI score 6.6 | EPSS 0.00958
Exploits: 0 | References: 10
Tenable Nessus
added 2025/09/04 12:00 a.m. | 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2025:03057-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03057-1 advisory. - CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section bsc1246517...

CVSS 7.5 | AI score 6.7 | EPSS 0.00297
Exploits: 0 | References: 4
Snyk
added 2025/07/10 8:42 p.m. | 2 views

HTTP Request Smuggling

Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling through the processing of chunked encoded requests in the parseheader function. An attacker can manipulate request boundaries by injecting conflicting Content-Length or Transfer-Encoding headers via trailers which can...

CVSS 8.8 | AI score 6.8 | EPSS 0.00442
Exploits: 1 | References: 2
OSV
added 2025/05/09 12:43 p.m. | 4 views

OESA-2025-1497 python-h11 security update

h11 is suitable for implementing both servers and clients, and has a pleasantly symmetric API: the events you send as a client are exactly the ones that you receive as a server and vice-versa. Security Fixes: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's...

CVSS 9.1 | AI score 6.9 | EPSS 0.00522
Exploits: 0 | References: 2
CNNVD
added 2024/01/08 12:00 a.m. | 13 views

Puma Environmental Issues Vulnerability

Puma is a web server for highly concurrent applications from the US-based individual developer Evan Phoenix. An environmental issue vulnerability exists in versions prior to Puma 6.4.2, which stems from a security flaw in puma's parsing of chunked transfer encoders, which allows HTTP requests to ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00958
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 5:19 a.m. | 4 views

SUSE CVE-2015-3183

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...

CVSS 5 | AI score 6.9 | EPSS 0.73327
Exploits: 0 | References: 8
SUSE CVE
added 2023/02/15 4:40 a.m. | 3 views

SUSE CVE-2017-13090

The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...

CVSS 8.8 | AI score 8.7 | EPSS 0.36563
Exploits: 0 | References: 6
RedHat Linux
added 2022/07/19 9:07 p.m. | 3 views

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...

CVSS 6.5 | AI score 7.4 | EPSS 0.02299
Exploits: 1 | References: 5
RedHat Linux
added 2022/06/21 12:40 p.m. | 2 views

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...

CVSS 6.5 | AI score 7.4 | EPSS 0.02299
Exploits: 1 | References: 5
RedHat Linux
added 2022/06/07 8:24 a.m. | 2 views

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...

CVSS 6.5 | AI score 7.4 | EPSS 0.02299
Exploits: 1 | References: 5
RedHat Linux
added 2022/06/06 9:29 a.m. | 3 views

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...

CVSS 6.5 | AI score 7.4 | EPSS 0.02299
Exploits: 1 | References: 5