
66 matches found

OSV
added 3 days ago, 2 views

UBUNTU-CVE-2026-7790

Uncontrolled Resource Consumption vulnerability in ninenines cowlib c...

CVSS 8.7, AI score 5.3, EPSS 0.00431
Exploits: 0, References: 5
Tenable Nessus
added 5 days ago, 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-43966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via...

CVSS 6.3, AI score 5.7, EPSS 0.00312
Exploits: 0, References: 3
RedhatCVE
added 2026/06/09 8:59 p.m., 7 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2 in cowlib only escapes \ and ", passing all other byt...

CVSS 6.3, AI score 5.6, EPSS 0.00312
Exploits: 0, References: 1
OSV
added 2026/06/08 5:16 p.m., 9 views

DEBIAN-CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2 in cowlib only escapes \ and ", passing all other byt...

CVSS 6.3, AI score 5.5, EPSS 0.00312
Exploits: 0, References: 1
CVE
added 2026/06/08 4:34 p.m., 10 views

CVE-2026-43966

CVE-2026-43966 describes an HTTP Response Splitting flaw in the Erlang/cowlib component, where cow_http_struct_hd:escape_string/2 only escapes backslash and quote, allowing CRLF injection into structured HTTP header values. The mismatch between the encoder (allows any byte) and the parser (accepts...

CVSS 6.3, AI score 5.6, EPSS 0.00312
Exploits: 0, References: 4
EUVD
added 2026/06/08 4:34 p.m., 4 views

EUVD-2026-35131

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2 in cowlib only escapes \ and ", passing all other byt...

CVSS 6.3, AI score 5.6, EPSS 0.00312
Exploits: 0, References: 4
ATTACKERKB
added 2026/06/08 4:34 p.m., 3 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2 in cowlib only escapes \ and ", passing all other byt...

CVSS 6.3, AI score 5.6, EPSS 0.00312
Exploits: 0, References: 5, Affected Software: 1
Vulnrichment
added 2026/06/08 4:34 p.m., 5 views

CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2 in cowlib only escapes \ and ", passing all other byt...

CVSS 6.3, AI score 5.6, EPSS 0.00312
Exploits: 0, References: 4
Debian CVE
added 2026/06/08 4:34 p.m., 3 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2 in cowlib only escapes \ and ", passing all other byt...

CVSS 6.3, AI score 5.5, EPSS 0.00312
Exploits: 0
OSV
added 2026/06/08 4:34 p.m., 5 views

EEF-CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Summary: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2 in cowlib only escapes \ and ", passing...

CVSS 6.3, AI score 5.6, EPSS 0.00312
Exploits: 0, References: 4
Positive Technologies
added 2026/06/08 12:00 a.m., 7 views

PT-2026-47347

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2 in cowlib only escapes \ and ", passing all other...

CVSS 6.3, AI score 5.6, EPSS 0.00312
Exploits: 0, References: 5
CNNVD
added 2026/06/08 12:00 a.m., 3 views

Cowlib Injection Vulnerability

Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.9.0 of Cowlib contains an injection vulnerability, which stems from improper handling of CRLF sequences. This vulnerability may lead to HTTP response splitting, allowing attackers to inject CRLFs...

CVSS 6.3, AI score 5.3, EPSS 0.00312
Exploits: 0, References: 2
RedhatCVE
added 2026/05/27 2:12 a.m., 14 views

CVE-2026-7790

A flaw was found in ninenines cowlib, specifically within the cow_http_te module's chunked transfer-encoding parser. An unauthenticated remote attacker can exploit this by sending an HTTP/1.1 request containing a Transfer-Encoding: chunked header with an excessively long hexadecimal string in the...

CVSS 8.7, AI score 5.7, EPSS 0.00431
Exploits: 0, References: 2
Fedora
added 2026/05/21 1:28 a.m., 10 views

[SECURITY] Fedora 43 Update: erlang-cowlib-2.16.1-1.fc43

Support library for manipulating Web protocols...

CVSS 8.2, AI score 5.8, EPSS 0.00511
Exploits: 0
Fedora
added 2026/05/21 12:57 a.m., 9 views

[SECURITY] Fedora 44 Update: erlang-cowlib-2.16.1-1.fc44

Support library for manipulating Web protocols...

CVSS 8.2, AI score 5.8, EPSS 0.00511
Exploits: 0
Tenable Nessus
added 2026/05/20 12:00 a.m., 6 views

Fedora 43 : erlang-cowlib (2026-ce0a56ca97)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ce0a56ca97 advisory: Cowlib 2.16.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

CVSS 8.2, AI score 5.8, EPSS 0.00511
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/20 12:00 a.m., 6 views

Fedora 44 : erlang-cowlib (2026-84270bbc49)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-84270bbc49 advisory: Cowlib 2.16.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

CVSS 8.2, AI score 5.8, EPSS 0.00511
Exploits: 0, References: 3
RedhatCVE
added 2026/05/19 12:04 p.m., 8 views

CVE-2026-43970

A flaw was found in cowlib. This vulnerability, categorized as Improper Handling of Highly Compressed Data (Data Amplification), allows an unauthenticated remote attacker to cause a denial of service (DoS). By sending a specially crafted SPDY frame, the cow_spdy:inflate/2 function in cowlib passes...

CVSS 8.2, AI score 5.8, EPSS 0.00511
Exploits: 0, References: 2
RedhatCVE
added 2026/05/18 2:57 p.m., 9 views

CVE-2026-43968

A flaw was found in cowlib. An Improper Neutralization of CRLF Sequences (Carriage Return Line Feed Injection) vulnerability allows a remote attacker to inject bare carriage return characters into Server-Sent Events (SSE) fields. This enables event splitting and injection of arbitrary event types and...

CVSS 6.3, AI score 5.6, EPSS 0.00218
Exploits: 0, References: 2
Microsoft CVE
added 2026/05/15 8:02 a.m., 13 views

Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

...

CVSS 8.7, AI score 5.8, EPSS 0.00431
Exploits: 0