DEBIAN-CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

Net::IMAP 安全漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of ResponseReader, which had a quadratic time complexity when...

CLSA-2026-1778173027 dovecot: Fix of CVE-2026-27858

CVE-2026-27858: fix unbounded memory allocation in managesieve-login when AUTHENTICATE initial response literal size is excessively large...

CVE-2026-40924

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAllresp.Body with no response body size limit. Any tenant...

Tekton Pipelines 资源管理错误漏洞

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. Versions of Tekton Pipelines prior to 1.11.1 contained a resource management vulnerability. This vulnerability stemmed from the FetchHttpResource function in the HTTP parser, which did not limit the size of the response...

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

SUSE CVE-2026-2581

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

Memory Allocation with Excessive Size Value

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the integration action endpoints. An attacker can exhaust server memory and disrupt service...

GHSA-PHC3-FGPG-7M6H Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...

Linux Distros Unpatched Vulnerability : CVE-2026-2581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when...

CVE-2026-2581

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

UBUNTU-CVE-2026-2581

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

CVE-2026-2581

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

PT-2026-25067

Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...

CVE-2026-27887

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size e.g. tables with many rows or large content bodies, Spin may in so...

CVE-2026-27887 Spin has memory leaks in various WIT interfaces

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size e.g. tables with many rows or large content bodies, Spin may in so...

CVE-2026-27887

CVE-2026-27887 affects Spin and related components where buffering an entire response from a database or HTTP server can exhaust host memory, causing panics/crashes. The issue arises when a guest app inserts large numbers of rows or large content bodies and Spin buffers the full response before d...