dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

UBUNTU-CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

CVE-2026-44250 Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

CVE-2026-44250

CVE-2026-44250 describes memory exhaustion DoS in Netty’s RedisArrayAggregator. Affected: io.netty:netty-codec-redis in versions prior to 4.1.135.Final and 4.2.15.Final. Root cause: processing of deeply nested Redis arrays from a crafted payload causes unbounded AggregateState/ArrayList allocatio...

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...

GHSA-3244-J874-RHC2 Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Summary An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details io.netty.handler.codec.redis.RedisArrayAggregator...

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Summary An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details io.netty.handler.codec.redis.RedisArrayAggregator...

PT-2026-47543

Summary An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details io.netty.handler.codec.redis.RedisArrayAggregator...

PT-2026-47601

Name of the Vulnerable Software and Affected Versions netty-codec-redis versions prior to 4.1.135.Final netty-codec-redis versions prior to 4.2.15.Final Description A denial of service can occur when an attacker sends a crafted Redis payload containing deeply nested arrays. The...

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

Astra Linux – Vulnerability in Jackson-Databind

In FasterXML Jackson-Databind before version 2.13.4, resource exhaustion can occur due to the lack of a check in BeanDeserializer.deserializeFromArray, which prevents the use of deeply nested arrays. An application becomes vulnerable only with certain customized choices for deserialization...

CVE-2026-41197

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...

CVE-2026-41197

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...

CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...

CVE-2026-41197

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...

CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA...