Lucene search
+L

65 matches found

redhatcve
redhatcve
added 2026/06/10 9:2 p.m.10 views

CVE-2026-49847

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/09 4:5 p.m.9 views

CVE-2026-49847 FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/06/09 4:5 p.m.9 views

CVE-2026-49847

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References2
osv
osv
added 2026/06/09 4:5 p.m.3 views

CVE-2026-49847 FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References4
cve
cve
added 2026/06/09 4:5 p.m.30 views

CVE-2026-49847

CVE-2026-49847 affects FreeSWITCH prior to version 1.11.1, where a single unauthenticated WebSocket frame containing a deeply nested JSON document can trigger a stack overflow in the bundled cJSON parser. The recursion drives the worker thread’s stack into the guard page, causing a kernel SIGSEGV...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/05/29 3:58 p.m.3 views

CVE-2026-10099 XX-Net V5.16.6 WebSocket Frame Parsing Data Corruption via simple_http_server.py

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simplehttpserver.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1CVSS6AI score0.00125EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/29 3:58 p.m.40 views

CVE-2026-10099 XX-Net V5.16.6 WebSocket Frame Parsing Data Corruption via simple_http_server.py

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simplehttpserver.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1CVSS0.00125EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.11 views

XX-Net 安全漏洞

XX-Net is an open-source network stealth proxy tool developed by XX-Net. Version 5.16.6 of XX-Net contains a security vulnerability. This vulnerability stems from issues with WebSocket frame parsing in the WebSocketreceiveworker routine within simplehttpserver.py, which may lead to corruption of...

5.1CVSS5.8AI score0.00125EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/30 4:35 p.m.41 views

CVE-2025-51846 CryptPad unbounded WebSocket frame flood

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...

8.7CVSS0.00578EPSS
Exploits1References4
redhat
redhat
added 2026/04/14 7:23 a.m.6 views

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS7.1AI score0.00488EPSS
Exploits0References7
redhat
redhat
added 2026/04/13 2:27 a.m.12 views

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS7.1AI score0.00488EPSS
Exploits0References7
redhat
redhat
added 2026/04/09 8:27 p.m.5 views

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS7.1AI score0.00488EPSS
Exploits0References7
redhat
redhat
added 2026/04/09 1:38 p.m.11 views

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS7.2AI score0.00488EPSS
Exploits0References7
redhat
redhat
added 2026/04/09 1:4 p.m.5 views

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS7.1AI score0.00488EPSS
Exploits0References7
redhat
redhat
added 2026/04/08 6:17 p.m.12 views

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS6AI score0.00488EPSS
Exploits0References7
redhat
redhat
added 2026/04/08 1:58 p.m.5 views

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

7.5CVSS6AI score0.00488EPSS
Exploits0References7
osv
osv
added 2026/03/27 11:47 a.m.6 views

BIT-NATS-2026-27889 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS6AI score0.00582EPSS
Exploits0References9
vulnrichment
vulnrichment
added 2026/03/25 7:36 p.m.4 views

CVE-2026-27889 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS5.9AI score0.00582EPSS
Exploits0References2
cve
cve
added 2026/03/25 7:36 p.m.41 views

CVE-2026-27889

CVE-2026-27889 pertains to the NATS server when WebSockets are enabled. A pre-authentication remote crash can be triggered by a crafted WebSocket frame with a 64-bit extended payload length MSB set, which causes a signed/unsigned handling issue and results in an unrecovered panic, terminating the...

7.5CVSS5.9AI score0.00582EPSS
Exploits0References8Affected Software1
osv
osv
added 2026/03/25 7:36 p.m.4 views

CVE-2026-27889 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS6.4AI score0.00582EPSS
Exploits0References10
Rows per page
Query Builder