Lucene search
K

24 matches found

Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-57080 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in processmessages trusts the 4-byte length prefix sent by a connected peer with no upper bound, while receivedata appends every inbound byte to th...

0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-57080

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in processmessages trusts the 4-byte length prefix sent by a connected peer with no upper bound, while receivedata appends every inbound byte to th...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-57080

Net::BitTorrent (Perl) up to version 2.0.1 is affected by a memory-exhaustion vulnerability caused by an unbounded 4-byte peer-wire message-length prefix in _process_messages. The decoder waits for a full message before processing, allowing the input buffer to grow without limit when a peer annou...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 9:9 p.m.7 views

CVE-2026-45783 libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 9:9 p.m.25 views

CVE-2026-45783

CVE-2026-45783 pertains to libp2p’s Kad-DHT (JavaScript) implementation. Before version 16.2.6, an unauthenticated remote peer can flood a server-mode Kad-DHT node with unbounded PUT_VALUE messages, whose keys bypass content validation, causing the node’s datastore to exhaust disk space and rende...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Zephyr 缓冲区错误漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. Zephyr has a buffer error vulnerability, which stems from a 2-byte out-of-bounds write during the L2CAP LE CoC SDU recombination process by the Bluetooth host. This vulnerability may cause remote,...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

FreeSWITCH 资源管理错误漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was a resource...

7.5CVSS5.3AI score0.00449EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34069

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...

5.3CVSS5.4AI score0.00297EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 8:7 p.m.6 views

GHSA-32MQ-HPPH-XFVR @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

Summary An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted ke...

7.5CVSS5.9AI score0.00354EPSS
Exploits0References3
NVD
NVD
added 2026/05/08 3:17 p.m.9 views

CVE-2026-44500

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS0.00362EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:10 p.m.7 views

CVE-2026-44500

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:10 p.m.10 views

CVE-2026-44500 ZEBRA: Allocation Amplification in Inbound Network Deserializers

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References1
OSV
OSV
added 2026/05/07 8:55 p.m.4 views

GHSA-438Q-JX8F-CCCV Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

GoBGP 代码问题漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Version 4.4.0 of GoBGP contains a code vulnerability. This vulnerability arises from unauthenticated remote BGP peers sending specially crafted BGP UPDATE messages. When servers process messages with...

7.5CVSS5.9AI score0.00418EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.6 views

core-rs-albatross 安全漏洞

core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions of core-rs-albatross 1.2.2 and earlier contain security vulnerabilities. These vulnerabilities stem from unauthenticated p2p peer-to-peer devices, which can cause the RequestMacroChain message...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/13 11:55 p.m.3 views

CVE-2026-34069 nimiq-consensus panics via RequestMacroChain micro-block locator

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/13 11:55 p.m.3 views

CVE-2026-34069

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/13 11:55 p.m.15 views

CVE-2026-34069

CVE-2026-34069 affects the Rust implementation of Nimiq’s PoS consensus (nimiq/core-rs-albatross). In versions 1.2.2 and earlier, an unauthenticated p2p peer can trigger a panic in the RequestMacroChain message handler when the first locator hash on the victim’s main chain is a micro block hash (...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:22 p.m.20 views

CVE-2026-35457 libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...

8.2CVSS0.00285EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

rust-libp2p 安全漏洞

rust-libp2p is a Rust implementation of the libp2p open-source network stack. Versions of rust-libp2p prior to 0.17.1 contained a security vulnerability. This vulnerability stemmed from the lack of boundary settings when the meeting server stored paginated cookies, allowing unauthenticated peer...

8.2CVSS5.8AI score0.00285EPSS
Exploits1References1
Rows per page
Query Builder