
11 matches found

Vulnrichment
added 2026/06/10 9:8 p.m. · 6 views

CVE-2026-46679 libp2p: Memory DoS via subscription flood of unique topics

libp2p is a JavaScript implementation of the libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23...

CVSS 7.5 · AI score 5.3 · EPSS 0.00263
Exploits: 0 · References: 1
CVE
added 2026/06/10 9:8 p.m. · 10 views

CVE-2026-46679

CVE-2026-46679 affects the JS implementation of libp2p gossipsub. Three omissions in the default gossipsub logic allow an unauthenticated peer to flood subscriptions and exhaust the Node.js heap, causing memory DoS and potential OOM. The issue arises from an unbounded this.topics map, unbounded p...

CVSS 7.5 · AI score 5.4 · EPSS 0.00263
Exploits: 0 · References: 1
Snyk
added 2026/05/21 9:38 p.m. · 7 views

Missing Release of Memory after Effective Lifetime

Overview: @libp2p/gossipsub is a TypeScript implementation of gossipsub. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through unbounded growth of the topics data structure when processing subscription requests. An attacker can exhaust...

CVSS 8.7 · AI score 5.8 · EPSS 0.00263
Exploits: 0 · References: 2
Github Security Blog
added 2026/05/21 9:38 p.m. · 11 views

js-libp2p: Memory DoS via subscription flood of unique topics

Summary: Three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. 1. defaultDecodeRpcLimits.maxSubscriptions = Infinity (packages/gossipsub/src/message/decodeRpc.ts:11): no decode-level cap on...

CVSS 7.5 · AI score 5.8 · EPSS 0.00263
Exploits: 0 · References: 3 · Affected Software: 1
Tenable Nessus
added 2026/04/17 12:0 a.m. · 5 views

FreeBSD : py-strawberry-graphql -- Multiple vulnerabilities (6a0aa20d-399f-11f1-8626-901b0edee044)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6a0aa20d-399f-11f1-8626-901b0edee044 advisory. The Strawberry GraphQL project reports: Strawberry up until version 0.312.3 is vulnerable to a...

CVSS 7.5 · AI score 5.6 · EPSS 0.00424
Exploits: 0 · References: 5
NVD
added 2026/04/07 4:16 p.m. · 3 views

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

CVSS 7.5 · EPSS 0.00274
Exploits: 0 · References: 1
NVD
added 2026/01/20 4:16 p.m. · 7 views

CVE-2025-56353

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter...

CVSS 7.5 · EPSS 0.00287
Exploits: 1 · References: 1
CNNVD
added 2025/02/25 12:0 a.m. · 2 views

O-RAN RIC Security Vulnerability

O-RAN RIC is a RIC application from O-RAN. A security vulnerability exists in O-RAN RIC that stems from an attacker sending a large number of subscription requests via xApp to disrupt the initial connection between the gNB and Near RT-RIC...

CVSS 4.3 · AI score 6.7 · EPSS 0.00208
Exploits: 0 · References: 2
Positive Technologies
added 2025/02/25 12:0 a.m. · 2 views

PT-2025-7889 · O Ran · O-Ran Near Realtime Ric

Name of the Vulnerable Software and Affected Versions: O-RAN Near Realtime RIC I-Release (affected versions not specified). Description: An issue was discovered that allows an attacker to disrupt the initial connection between a gNB and the Near RT-RIC. This can be achieved by sending a high volume ...

CVSS 4.3 · AI score 6.8 · EPSS 0.00208
Exploits: 0 · References: 4
CNNVD
added 2025/02/25 12:0 a.m. · 3 views

O-RAN RIC Security Vulnerability

O-RAN RIC is a RIC application from O-RAN. A security vulnerability exists in O-RAN RIC that stems from e2mgr crashing when it receives a large number of E2 Subscription Requests...

CVSS 5.7 · AI score 6.7 · EPSS 0.0023
Exploits: 0 · References: 2
OSV
added 2008/11/21 2:30 a.m. · 2 views

DEBIAN-CVE-2008-5183

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...

CVSS 7.5 · AI score 6.6 · EPSS 0.0921
Exploits: 1 · References: 1