AZL-76364 CVE-2025-63658 affecting package fluent-bit 3.1.10-4

A stack overflow in the mkhttpindexlookup function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

AZL-76539 CVE-2025-63652 affecting package fluent-bit 3.1.10-4

A use-after-free in the mkhttprequestend function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

PT-2026-5338

Name of the Vulnerable Software and Affected Versions Monkey versions prior to commit f37e984 Description A use-after-free issue exists in the mk string char search function located in mk core/mk string.c. This allows attackers to cause a Denial of Service DoS by sending a crafted HTTP request to...

PT-2026-5339

Name of the Vulnerable Software and Affected Versions Monkey affected versions not specified Description A use-after-free issue exists in the mk http request end function located in mk server/mk http.c. This flaw allows attackers to potentially cause a Denial of Service DoS by sending a specially...

PT-2026-5337

Name of the Vulnerable Software and Affected Versions monkey commit f37e984 Description An out-of-bounds read exists in the mk ptr to buf function within the mk core function located in mk memory.c. This issue can be triggered by sending a specially crafted HTTP request to the server, potentially...

PT-2026-5342

Name of the Vulnerable Software and Affected Versions monkey commit f37e984 Description An out-of-bounds read exists in the header cmp function located in mk server/mk http parser.c. This issue allows attackers to cause a Denial of Service DoS by sending a crafted HTTP request to the server...

PT-2026-5341

Name of the Vulnerable Software and Affected Versions Monkey versions prior to commit f37e984 Description A flaw exists in the mk http range parse function located in mk server/mk http.c that can lead to a Denial of Service DoS. This occurs when a specially crafted HTTP request is sent to the...

PT-2026-5340

Name of the Vulnerable Software and Affected Versions monkey commit f37e984 Description An out-of-bounds read exists in the mk vhost fdt close function located in mk server/mk vhost.c. This issue allows attackers to cause a Denial of Service DoS by sending a crafted HTTP request to the server...

CVE-2025-63651

CVE-2025-63651 is a use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of the Monkey project, fixed by updating to commit f37e984 or later. The vulnerability allows a crafted HTTP request to trigger a Denial of Service via the affected string-search path. Affected componen...

EUVD-2025-206526

An out-of-bounds read in the mkvhostfdtclose function mkserver/mkvhost.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

EUVD-2025-206521

A stack overflow in the mkhttpindexlookup function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-63658

CVE-2025-63658 is a stack overflow vulnerability in the Monkey server code. The flaw resides in the mk_http_index_lookup function (mk_server/mk_http.c) triggered by handling crafted HTTP requests, leading to Denial of Service. The observed root cause is a stack overflow in the handling/lookup log...