24673 matches found
CVE-2026-49755
Technical details beyond what’s in the Initial Description are not provided in the connected documents. Monitor for updates for specifics on affected versions, root cause, and remediation.
CVE-2026-48913
CVE-2026-48913 is a Use After Free vulnerability in the Apache HTTP Server mod_http2 module, affecting versions 2.4.55 through 2.4.67. The issue occurs when file handles are already exhausted, leading to a use-after-free condition. The provided document specifies the vulnerable component (mod_htt...
CVE-2026-49755
Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...
EUVD-2026-35098
Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...
CVE-2026-49755
Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...
EEF-CVE-2026-49755 Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies
Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...
CVE-2026-49755 Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies
Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...
CVE-2026-43974
Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...
CVE-2026-43973
Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...
CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...
EUVD-2026-35074
Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...
CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...
CVE-2026-43973
CVE-2026-43973 concerns the Erlang/Elixir library gun_http in the Gun framework. The vulnerability is an uncontrolled resource consumption: three code paths in gun_http:handle/5 accumulate TCP data into a connection buffer using binary concatenation with no upper bound. If a malicious server send...
CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM
Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...
CVE-2026-43974
The CVE concerns the gun_http module of the Erlang-based Gun library (gun_http) in the Gun HTTP client. Affected versions: Gun 2.0.0 up to but not including 2.4.0. Root cause: when a 101 Switching Protocols response arrives over HTTP/1.1, Gun only validates the Upgrade header syntax and the strea...
CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM
Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...
EEF-CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM
Summary Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is receive...
EUVD-2026-35072
Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...
crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation
A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...
CVE-2026-49232 Routinator exits when accepting an incoming HTTP or RTR connection fails
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...