41 matches found
CVE-2026-39830
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...
PT-2026-42709
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A malicious SSH peer can send unsolicited global request responses to fill an internal buffer, which blocks the connection's read loop. This prevents the blocked...
CVE-2026-34067
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, HistoryTreeProof::verify panics on a malformed proof where history.len() != positions.len() due to assert_eq!(history.len(), positions.len()). The proof object is derived from untrusted p2...
Go Ethereum affected by DoS via malicious p2p message
Impact: A vulnerable node can be forced to shut down/crash using a specially crafted message. More details to be released later. Patches: The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit: This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed...
EUVD-2026-2010
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shut down/crash using a specially crafted message. This vulnerability is fixed in 1.16.8...
EUVD-2026-2011
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shut down/crash using a specially crafted message. This vulnerability is fixed in 1.16.8...
golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle,...
EUVD-2021-0072
Malware in sbrugna...
EUVD-2016-2644
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-1549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earli...
GO-2025-3443 CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft
CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft...
GO-2025-3442 CometBFT allows a malicious peer to make node stuck in blocksync in github.com/cometbft/cometbft
CometBFT allows a malicious peer to make node stuck in blocksync in github.com/cometbft/cometbft...
CVE-2025-24371 Malicious peer can make node stuck in blocksync in github.com/cometbft/cometbft
CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the blocksync protocol peers send their base and latest heights when they connect to a new node A, which is syncing to the tip of a network. base acts as a lower ground and informs A that the...
CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts
Name: ASA-2025-002: Malicious peer can stall network by disseminating seemingly valid block parts. Component: CometBFT. Criticality: High (Catastrophic Impact; Possible Likelihood per ACMv1.2). Affected versions: = v0.38.16, v1.0.0. Affected users: Validators, Full nodes, Users. Description: A bug was...
GHSA-R3R4-G7HQ-PQ4F CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts
Name: ASA-2025-002: Malicious peer can stall network by disseminating seemingly valid block parts. Component: CometBFT. Criticality: High (Catastrophic Impact; Possible Likelihood per ACMv1.2). Affected versions: = v0.38.16, v1.0.0. Affected users: Validators, Full nodes, Users. Description: A bug was...
GHSA-22QQ-3XWM-R5X4 CometBFT allows a malicious peer to make node stuck in blocksync
Name: ASA-2025-001: Malicious peer can disrupt node's ability to sync via blocksync. Component: CometBFT. OUTDATED Criticality: Medium (Considerable Impact; Possible Likelihood per ACMv1.2). Update of Criticality on 2026-03-06: We've made a mistake and over-rated the criticality of this bug in our...
CometBFT allows a malicious peer to make node stuck in blocksync
Name: ASA-2025-001: Malicious peer can disrupt node's ability to sync via blocksync. Component: CometBFT. OUTDATED Criticality: Medium (Considerable Impact; Possible Likelihood per ACMv1.2). Update of Criticality on 2026-03-06: We've made a mistake and over-rated the criticality of this bug in our...
CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
GO-2024-2951 Denial of service when syncing with a malicious peer in github.com/cometbft/cometbft
A malicious peer can cause a syncing node to panic during blocksync. The syncing node may enter into a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. Nodes that are vulnerable to this state may experience a Denial of Service condition in which...