GHSA-V9PG-7XVM-68HF python-multipart: Negative Content-Length in parse_form buffers the entire body in memory

Summary parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks. Details...

python-multipart: Negative Content-Length in parse_form buffers the entire body in memory

Summary parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks. Details...

FreeSWITCH 输入验证错误漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was a...

PT-2026-47847

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl recv event parses Content-Length with atol and passes the result straight to mallocle...

Linux Distros Unpatched Vulnerability : CVE-2023-34188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker ca...

CVE-2026-32239

A flaw was found in the KJ-HTTP component of Cap’n Proto. When processing HTTP messages, a negative Content-Length value could be implicitly converted to an unsigned integer, resulting in an extremely large length value. An attacker could exploit this behavior by sending specially crafted HTTP...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the KJ-HTTP process. An attacker can cause the system to interpret a negative Content-Length value as an extremely large unsigned value by sending specially crafted HTTP requests or responses, potentially...

UBUNTU-CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

CVE-2026-32239 Cap'n Proto has an integer overflow in KJ-HTTP

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

CVE-2026-32239 Cap'n Proto has an integer overflow in KJ-HTTP

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

capnproto 环境问题漏洞

Capnproto is an open-source Proto serialization/RPC system—including core tools and C++ libraries. Versions of Capnproto prior to 1.4.0 contained environmental vulnerabilities. These vulnerabilities stemmed from the conversion of negative Content-Length values into unsigned numbers, which could...

CVE-2021-31227

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...

EUVD-2005-2912

Malware in sbrugna...

CVE-2005-2912

Linksys WRT54G router allows remote attackers to cause a denial of service CPU consumption and server hang via an HTTP POST request with a negative Content-Length value...

Cesanta Mongoose 安全漏洞

Cesanta Mongoose is a suite of embedded server libraries from the Irish company Cesanta that includes features for TCP, HTTP client and server, and WenSocket client and server. A security vulnerability exists in Cesanta Mongoose versions prior to 7.10, which originates when an HTTP server accepts...

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...

PT-2023-24726 · Mongoose · Mongoose

Name of the Vulnerable Software and Affected Versions: Mongoose versions prior to 7.10 Description: The issue arises from the HTTP server in Mongoose accepting requests with negative Content-Length headers. This can be exploited by an attacker sending a single malicious payload over TCP, causing...

SUSE CVE-2004-0492

Heap-based buffer overflow in proxyutil.c for modproxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service process crash and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied...

SUSE CVE-2004-1311

Integer overflow in the realsetupandgetheader function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based...