210 matches found
CVE-2026-52814
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...
CVE-2026-52814 Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...
CVE-2026-52814
CVE-2026-52814 affects Gogs’ built-in Go SSH server, where unauthenticated clients can stall the SSH handshake to exhaust file descriptors, spawning unbounded goroutines and causing FD exhaustion that disrupts SSH access. Connected advisories (GHSA-XP79-5MX3-JX52) confirm the vulnerability detail...
Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...
GHSA-XP79-5MX3-JX52 Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...
PT-2026-51632
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The built-in Go SSH server in Gogs is subject to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to the ssh.NewServerConn...
CVE-2026-49232 Routinator exits when accepting an incoming HTTP or RTR connection fails
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...
Missing Release of File Descriptor or Handle after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...
Missing Release of File Descriptor or Handle after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...
CVE-2026-39455
CVE-2026-39455 affects the BIG-IP Configuration utility when LDAP authentication is used. Undisclosed traffic can cause the httpd process to exhaust file descriptors, leading to a denial‑of‑service where the Configuration utility stops responding until httpd is restarted. Exploitation: remote, un...
curl: Potential Resource Leak in tool_parsecfg.c at line 279 during fileerror
Summary: A resource leak was identified in src/toolparsecfg.c using the Clang Static Analyzer. When a file error occurs fileerror is true during config parsing, the function returns PARAMREADERROR without ensuring the file stream is properly closed, leading to a potential file descriptor leak...
EUVD-2026-24949
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...
DEBIAN-CVE-2026-33610
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...
CVE-2026-33610
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...
CVE-2026-33610
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...
UBUNTU-CVE-2026-33610
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...
CVE-2026-33610
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...
CVE-2026-33610
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...
CVE-2026-33610 Possible file descriptor exhaustion in forward-dnsupdate
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...
CVE-2026-33610
The CVE describes a denial-of-service risk in PowerDNS: a rogue primary server can exhaust file descriptors when a PowerDNS secondary forwards a DNS update request to it. This is triggered in the forward-dnsupdate path, leading to an eventual DoS on the affected system. Connected advisories (OSV/...