Lucene search
+L

5 matches found

nvd
nvd
added 2026/03/13 7:54 p.m.8 views

CVE-2026-31814

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

8.7CVSS0.00462EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/03/13 7:19 p.m.9 views

CVE-2026-31814

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

8.7CVSS5.8AI score0.00462EPSS
Exploits1References2Affected Software1
github
github
added 2026/03/13 6:57 p.m.17 views

Yamux vulnerable to remote Panic via malformed WindowUpdate credit

Sumary The Rust implementation of Yamux accepts WindowUpdate credit values from the remote peer and applies them to per-stream send-window state. A specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This ...

8.7CVSS6AI score0.00462EPSS
Exploits1References6Affected Software1
osv
osv
added 2026/03/13 6:57 p.m.5 views

GHSA-4W32-2493-32G7 Yamux vulnerable to remote Panic via malformed WindowUpdate credit

Sumary The Rust implementation of Yamux accepts WindowUpdate credit values from the remote peer and applies them to per-stream send-window state. A specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This ...

8.7CVSS6AI score0.00462EPSS
Exploits1References6
cnnvd
cnnvd
added 2026/03/13 12:0 a.m.10 views

Yamux 输入验证错误漏洞

Yamux is a multiplexer developed under the open-source Libp2p project in the United States. Versions of Yamux from 0.13.0 to 0.13.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from a specially crafted WindowUpdate that could cause an arithmetic overflo...

8.7CVSS5.9AI score0.00462EPSS
Exploits1References1
Rows per page
Query Builder