15 matches found
CVE-2026-44982
CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from maxr.ContentLength, 0, so HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests without a content-length...
CVE-2026-44981
CrowdSec offers crowdsourced protection against malicious IPs. From 1.7.0 until 1.7.8, the LAPI router used gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go, causing /v1/watchers and /v1/watchers/login to decompress unauthenticated gzip-compressed...
CVE-2026-44982
CVE-2026-44982 affects CrowdSec AppSec. The bug in pkg/appsec/request.go NewParsedRequestFromRequest reads the body using max(r.ContentLength, 0), causing HTTP/1.1 chunked and HTTP/2 without Content-Length to appear with an empty body, bypassing body-inspection rules (REQUEST_BODY, BODY_ARGS, ARG...
CVE-2026-44982 CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from maxr.ContentLength, 0, so HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests without a content-length...
CVE-2026-44981
CrowdSec LAPI is affected. The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go, causing unauthenticated gzip payloads to be decompressed on /v1/watchers and /v1/watchers/login without a maximum decompressed size, which can trigger...
CVE-2026-44981 CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
CrowdSec offers crowdsourced protection against malicious IPs. From 1.7.0 until 1.7.8, the LAPI router used gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go, causing /v1/watchers and /v1/watchers/login to decompress unauthenticated gzip-compressed...
GO-2026-5641 CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests in github.com/crowdsecurity/crowdsec
CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests in github.com/crowdsecurity/crowdsec...
GO-2026-5041 CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression in github.com/crowdsecurity/crowdsec
CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression in github.com/crowdsecurity/crowdsec...
CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...
GHSA-RW47-HM26-6WR7 CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...
CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally pkg/apiserver/controllers/controller.go. This middleware decompresses incoming request bodies without enforcing a maximum decompressed size. The endpoints /v1/watchers or /v1/watchers/login require no authentication. An...
GHSA-273H-GVWR-C3QJ CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally pkg/apiserver/controllers/controller.go. This middleware decompresses incoming request bodies without enforcing a maximum decompressed size. The endpoints /v1/watchers or /v1/watchers/login require no authentication. An...
Sorting Through Haystacks to Find CTI Needles
Clouded vision CTI systems are confronted with some major issues ranging from the size of the collection networks to their diversity, which ultimately influence the degree of confidence they can put on their signals. Are they fresh enough and sufficiently reliable to avoid any false positives or...
The Era of Cyber Threat Intelligence Sharing
We spent forty years defending ourselves as individuals. Trying to outsmart cybercriminals, outpower them, and when all our efforts failed, only then we considered banding together with our peers to outnumber them. Cybercriminals don't reinvent themselves each time. Their resources are limited, a...
Of Cybercriminals and IP Addresses
You don't like having the FBI knocking on your door at 6 am in the morning. Surprisingly, nor does your usual cybercriminal. That is why they hide at least the good ones, for example, behind layers of proxies, VPNs, or TOR nodes. Their IP address will never be exposed directly to the target's...