5344 matches found
DEBIAN-CVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
CVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
CVE-2025-5399 WebSocket endless loop
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
CVE-2025-5399 WebSocket endless loop
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
CVE-2025-5399
CVE-2025-5399 affects libcurl’s WebSocket handling. The defect in curl_ws_send/curl WebSocket code can cause a malicious server to trigger an endless busy-loop, leading to denial of service as the application hangs until process termination. Public details confirm the issue arises from a WebSocke...
CVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
CVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
Cross-site Scripting (XSS)
Overview django-aws-api-gateway-websockets is a Created to allow Django projects to be used as a HTTP backend for AWS API Gateway websockets Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the lack of sanitization an HTTP header in the...
libcurl 安全漏洞
libcurl is a free and easy-to-use client-side URL transport library from the cURL open source. A security vulnerability exists in libcurl versions 8.13.0 through 8.14.0, which stems from mishandling of WebSocket code errors and could lead to a denial of service attack...
SUSE CVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
[slackware-security] curl
New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.14.1-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: WebSocket endless loop. For more information, see:...
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. Details The Origin header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...
GHSA-9JGG-88MC-972H webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. Details The Origin header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...
CURL-CVE-2025-5399 WebSocket endless loop
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
WebSocket endless loop
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...
libsoup: Denial of Service attack to websocket server
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service DoS...
libsoup: Denial of Service attack to websocket server
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service DoS...
libsoup: Denial of Service attack to websocket server
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service DoS...
[SECURITY] Fedora 42 Update: lua-http-0.3-17.fc42
lua-http is an efficient, capable HTTP and WebSocket library for Lua...
Origin Validation Error
Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Origin Validation Error via theOrigin header, which allows IP address origins to conne...