14 matches found
CVE-2026-25224
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
CVE-2026-25224
CVE-2026-25224 affects Fastify (Node.js). Before 5.7.3, a DoS can occur when a remote client sends a slow or non-reading request while the app returns a ReadableStream (or Web Stream) via reply.send(), causing unbounded buffering and possible memory exhaustion. Impact: server degradation or crash...
CVE-2026-25224
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
EUVD-2026-5158
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
Fastify 安全漏洞
Fastify is an open-source web framework developed by Fastify. Versions of Fastify prior to 5.7.3 contained security vulnerabilities. These vulnerabilities were due to a denial-of-service vulnerability in the handling of Web Streams responses, which could potentially cause remote clients to consum...
Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Impact A Denial of Service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via reply.send are impacted. A slow or non-reading client can trigger unbounded...
Allocation of Resources Without Limits or Throttling
Overview fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the sendWebStream function. An attacker can cause excessive memory consumption by sending a slow or non-reading client request,...
GHSA-MRQ3-VJJR-P77C Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Impact A Denial of Service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via reply.send are impacted. A slow or non-reading client can trigger unbounded...
PT-2026-5743
Name of the Vulnerable Software and Affected Versions Fastify versions prior to 5.7.3 Description Fastify is a web framework for Node.js. A denial-of-service condition exists in Fastify’s Web Streams response handling. A slow or non-reading client can cause unbounded buffering when backpressure i...
mpg123: Buffer overflow when writing decoded PCM samples
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...
2016 - the year of web streams
Yeah, ok, it's a touch bold to talk about something being the thing of the year as early as January, but the potential of the web streams API has gotten me all excited. TL;DR: Streams can be used to do fun things like turn clouds to butts, transcode MPEG to GIF, but most importantly, they can be...