Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/14 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a...

8.7CVSS5.8AI score0.00451EPSS
Exploits1References3
OSV
OSV
added 2026/03/13 8:4 p.m.6 views

GHSA-VXX9-2994-Q338 Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145

Summary The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validati...

8.7CVSS5.8AI score0.00451EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/13 7:53 p.m.4 views

CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...

8.7CVSS5.3AI score0.00451EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/03/13 6:57 p.m.16 views

Yamux vulnerable to remote Panic via malformed WindowUpdate credit

Sumary The Rust implementation of Yamux accepts WindowUpdate credit values from the remote peer and applies them to per-stream send-window state. A specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This ...

8.7CVSS6AI score0.00462EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/03/13 6:57 p.m.5 views

GHSA-4W32-2493-32G7 Yamux vulnerable to remote Panic via malformed WindowUpdate credit

Sumary The Rust implementation of Yamux accepts WindowUpdate credit values from the remote peer and applies them to per-stream send-window state. A specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This ...

8.7CVSS6AI score0.00462EPSS
Exploits1References6
Veracode
Veracode
added 2025/02/03 5:55 a.m.4 views

Denial-of-Service (DoS)

github.com/hashicorp/yamux is vulnerable to a Denial-of-Service DoS. The vulnerability is due to improper handling of connection timeouts due to Stream.Read calls hanging indefinitely if a corresponding Stream.Write call times out under network congestion, leading to stalled sessions and requirin...

7AI score
Exploits0
CNNVD
CNNVD
added 2024/05/01 12:0 a.m.4 views

Yamux 安全漏洞

HashiCorp Yamux is a multiplexer from HashiCorp USA. A security vulnerability exists in versions of Yamux prior to 0.13.2, which stems from a possible Yamux memory exhaustion caused by the Active pendingframes property...

7.5CVSS7.3AI score0.00761EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/01 12:0 a.m.8 views

PT-2024-25032 · Yamux · Yamux

Name of the Vulnerable Software and Affected Versions: Yamux affected versions not specified Description: Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames, which is not bounded...

7.5CVSS7.5AI score0.00761EPSS
Exploits0References12
Rows per page
Query Builder