22 matches found
CVE-2026-48510
CVE-2026-48510 affects MessagePack-CSharp (C#) prior to 2.5.301 and 3.1.7. When decompressing Lz4Block or Lz4BlockArray payloads, the library reads declared uncompressed lengths from the wire and allocates output buffers before validating the data, allowing a small payload to trigger a large allo...
CVE-2026-46340
Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...
CVE-2026-46340 Netty: SCTP reassembly nests buffers without bound
Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...
EUVD-2026-36451
Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...
CVE-2026-52753 Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...
EUVD-2026-36012
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...
National Security Agency Ghidra 安全漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the rustdemangle function, which allocated...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded nesting of composite buffers in the SCTP message reassembly process. An attacker can exhaust system memory and cause a denial of service by sending a large number of...
CVE-2026-8466
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...
Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
...
CVE-2026-47073
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
CVE-2026-47073
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
CVE-2026-47073
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
EUVD-2026-31694
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...
PT-2026-43070
Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0 through 4.0.0 Description The WebSocket client in src/hackney ws.erl lacks upper bounds on memory consumption across three code paths, allowing for flooding. First, the read handshake response/3 function accumulates...
Security Bulletin: Netty Decompression Decoders Allow Unbounded Buffer Allocation Leading to DoS (Fixed in 4.1.125/4.2.5)
Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
A flaw was found in Netty. With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service...
RockyLinux 9 : redis:7 (RLSA-2025:7429)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7429 advisory. redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client CVE-2025-21605 Tenable has extracted the preceding...
CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...