8 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-32314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a...
GHSA-VXX9-2994-Q338 Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145
Summary The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validati...
CVE-2026-32314
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...
GHSA-4W32-2493-32G7 Yamux vulnerable to remote Panic via malformed WindowUpdate credit
Sumary The Rust implementation of Yamux accepts WindowUpdate credit values from the remote peer and applies them to per-stream send-window state. A specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This ...
Yamux vulnerable to remote Panic via malformed WindowUpdate credit
Sumary The Rust implementation of Yamux accepts WindowUpdate credit values from the remote peer and applies them to per-stream send-window state. A specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This ...
Denial-of-Service (DoS)
github.com/hashicorp/yamux is vulnerable to a Denial-of-Service DoS. The vulnerability is due to improper handling of connection timeouts due to Stream.Read calls hanging indefinitely if a corresponding Stream.Write call times out under network congestion, leading to stalled sessions and requirin...
Yamux 安全漏洞
HashiCorp Yamux is a multiplexer from HashiCorp USA. A security vulnerability exists in versions of Yamux prior to 0.13.2, which stems from a possible Yamux memory exhaustion caused by the Active pendingframes property...
PT-2024-25032 · Yamux · Yamux
Name of the Vulnerable Software and Affected Versions: Yamux affected versions not specified Description: Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames, which is not bounded...