Lucene search
+L

14 matches found

Cvelist
Cvelist
added 2026/07/10 8:19 p.m.32 views

CVE-2026-57220 RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS0.00515EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.11 views

PT-2026-57305

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 4.2.6 Description The RabbitMQ stream listener fails to enforce the configured stream frame-size limit when assembling frames during authentication and before Tune negotiation. This allows an unauthenticated remote...

7.5CVSS6.1AI score0.00515EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53216

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...

9.8CVSS5.9AI score0.00546EPSS
Exploits0
PyPA
PyPA
added 2026/06/03 2:16 p.m.9 views

PYSEC-0000-CVE-2026-44545

daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 unlimited, an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...

7.5CVSS5.3AI score0.00328EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/15 12:0 p.m.9 views

RUSTSEC-2026-0154 Unbounded 32-bit allocation

Both the SSH agent server and client accepted peer-controlled frame lengths without enforcing a maximum frame size. This could cause large memory allocations while parsing a maliciously crafted agent frame. A malicious peer could advertise an oversized frame length, causing the client or server t...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 3:52 a.m.8 views

EUVD-2026-26716

Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion...

6.9CVSS5.8AI score0.0051EPSS
Exploits0References5
OSV
OSV
added 2026/05/07 3:52 a.m.9 views

GHSA-Q6V9-R226-V65F Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion

Summary Bandit's HTTP/2 parser checks frame size after it has already buffered the full body, instead of when it sees the 9-byte header. A peer can announce a 16 MiB frame on a connection that agreed to 16 KiB frames and the server will silently buffer up to 1024× the agreed budget per connection...

6.9CVSS5.8AI score0.0051EPSS
Exploits0References6
OSV
OSV
added 2026/05/01 8:34 p.m.6 views

EEF-CVE-2026-42788 HTTP/2 frame size limit checked after body is buffered in bandit

Summary Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGS\MAX\FRAME\SIZE limit only after...

6.9CVSS6.1AI score0.0051EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/01/24 9:11 a.m.5 views

kernel: IGB driver inadequate buffer size for frames larger than MTU

A flaw was found in igbconfigurerxring in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue...

7.5CVSS6.7AI score0.00544EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/10/17 12:59 a.m.3 views

SUSE CVE-2023-45871

An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU...

5.3CVSS6.2AI score0.00544EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.3 views

SUSE CVE-2009-4537

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to 1 cause a denial of service temporary network outage via a packet with a crafted size, in conjunction with...

7.8CVSS6.5AI score0.05889EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2021/07/12 12:12 p.m.4 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8CVSS7.2AI score0.53861EPSS
Exploits1References5
PyPA
PyPA
added 2021/05/07 3:15 p.m.5 views

PYSEC-2021-12

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

5.3CVSS6.9AI score0.01807EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/02/28 9:15 p.m.3 views

DEBIAN-CVE-2018-21035

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service memory consumption...

7.5CVSS7.5AI score0.02339EPSS
Exploits1References1
Rows per page
Query Builder