17 matches found
Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...
CVE-2026-40988
An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...
CVE-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...
EUVD-2026-33030
Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...
CVE-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...
PT-2026-44511
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Uncontrolled Resource Consumption in Kibana can lead to a denial of service through excessive allocation. An authenticated user can send a specially crafted compressed request payload that is...
GHSA-87M7-QFFR-542V Klever-Go MultiDataInterceptor has remote OOM via crafted compressed P2P payload
Summary A remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on the receiving node from a sub-50 KiB gossip payload. A single packet is...
CVE-2026-24158
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...
EUVD-2026-15013
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...
CVE-2026-24158
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...
CVE-2026-24158
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...
CVE-2026-24158
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...
CVE-2026-24158
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...
CVE-2026-24158
CVE-2026-24158 is documented in NVIDIA’s March 2026 Security Bulletin for the NVIDIA TRT (Triton Inference Server). The vulnerability exists in the HTTP endpoint where a large compressed payload can be used to cause a denial of service. The issue is addressed in Triton Inference Server updates, w...
PT-2026-27513
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...
Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service DOS condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restorepreferences form. This leads to excessive memory consumption and potential system instability,...
Updated liblzo packages fix CVE-2014-4607
Updated liblzo packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker CVE-2014-4607...