Astra Linux – Vulnerability in Wheel

A vulnerability was discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier. This vulnerability allows remote attackers to cause a denial of service by using attacker-controlled input to the wheel cli...

CLEANSTART-2026-UC40249 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-wjrx-6529-hcj3 applied in versions: 0.37.1-r0

Multiple security vulnerabilities affect the atlantis-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-CZ64396 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-wjrx-6529-hcj3 applied in versions: 0.37.1-r1

Multiple security vulnerabilities affect the atlantis package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-QX63233 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-wjrx-6529-hcj3 applied in versions: 0.37.1-r1

Multiple security vulnerabilities affect the atlantis package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-31870

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

CVE-2026-31870

cpp-httplib prior to 0.37.1 uses streaming API (httplib::stream::Get, httplib::stream::Post, etc.) and directly calls std::stoull on the Content-Length header without validation, causing unhandled exceptions and a deterministic crash via std::terminate() when a non-numeric or out-of-range value i...

CVE-2026-31870 cpp-httplib Affected by Remote Process Crash via Malformed Content-Length Response Header

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

CVE-2026-31870 cpp-httplib Affected by Remote Process Crash via Malformed Content-Length Response Header

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

PT-2026-24759

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

Linux Distros Unpatched Vulnerability : CVE-2026-31870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API...

python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

CVE-2022-40898

...

PT-2024-40018 · Ckb · Ckb

Name of the Vulnerable Software and Affected Versions: Ckb versions prior to 0.35.2 Ckb versions prior to 0.36.1 Ckb versions prior to 0.37.1 Ckb versions prior to 0.38.2 Description: The issue causes faulty nodes to reject transactions that call the load cell data syscall when the input cell is...

CVE-2023-34450

CometBFT (CVE-2023-34450) describes a deadlock in PeerState JSON serialization introduced by a change in versions 0.34.28 and 0.37.1. The deadlock can be triggered either by logging to JSON (consensus module set to debug) or by the RPC dump_consensus_state, potentially halting the node. The issue...

CVE-2023-34450 CometBFT PeerState JSON serialization deadlock

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is...

CometBFT 安全漏洞

CometBFT is a Byzantine Fault Tolerant BFT middleware that employs stateful transducers written in any programming language and can be safely replicated on many machines. A security vulnerability exists in CometBFT versions v0.34.28, v0.37.1 that stems from the introduction of a deadlock when...

Input validation

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

CVE-2023-28113

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

GHSA-QWMP-2CF2-G9G6 pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)

Python Packaging Authority PyPA Wheel is a reference implementation of the Python wheel packaging standard. Wheel 0.37.1 and earlier are vulnerable to a Regular Expression denial of service via attacker controlled input to the wheel cli. The vulnerable regex is used to verify the validity of Whee...

UBUNTU-CVE-2022-40898

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...