Lucene search
+L

1517 matches found

cvelist
cvelist
added 2 days ago26 views

CVE-2026-59246 Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhaust client memory

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS0.00305EPSS
Exploits0References4
nessus
nessus
added 6 days ago8 views

libcurl 8.18.0 < 8.21.0 QUIC UDP Denial of Service (CVE-2026-11352)

The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client...

7.5CVSS6.4AI score0.0101EPSS
Exploits1References2
redhat
redhat
added 2026/07/06 2:31 p.m.5 views

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

9.1CVSS5.9AI score0.00591EPSS
Exploits0References5
redhat
redhat
added 2026/07/06 4:59 a.m.4 views

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

9.1CVSS5.9AI score0.00591EPSS
Exploits0References5
redhat
redhat
added 2026/07/06 4:29 a.m.3 views

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

9.1CVSS5.9AI score0.00591EPSS
Exploits0References5
osv
osv
added 2026/07/03 11:46 a.m.4 views

SUSE-SU-2026:2747-1 Security update for libarchive

This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4424: information disclosure via heap out-of-bounds read in RAR archive processing bsc1259928. - CVE-2026-4426: undefined behavior due to unvalidat...

9.8CVSS7.4AI score0.01073EPSS
Exploits1References9
snyk
snyk
added 2026/07/03 8:18 a.m.10 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the udpreceive process. An attacker can cause the client to enter a busy-loop and become unresponsive by continuously sending zero-length UDP datagrams from a malicious HTTP/3 server. Remediation Upgrade libcurl to...

8.7CVSS6.2AI score0.0101EPSS
Exploits1References2
mscve
mscve
added 2026/07/03 8:3 a.m.4 views

Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling

...

6.5CVSS5.9AI score0.00248EPSS
Exploits0
cvelist
cvelist
added 2026/07/03 6:12 a.m.47 views

CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

0.0101EPSS
Exploits1References3
cve
cve
added 2026/07/03 6:12 a.m.36 views

CVE-2026-11352

The CVE-2026-11352 issue affects curl/libcurl: a bug in the QUIC UDP receive path discards zero-length UDP datagrams instead of counting them toward the per-call budget, enabling a connected HTTP/3 peer to continuously send empty datagrams and cause a remote denial-of-service against curl or libc...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/07/03 6:12 a.m.3 views

CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS6.4AI score0.0101EPSS
Exploits1References5
nessus
nessus
added 2026/07/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-14258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References4
redhat
redhat
added 2026/07/01 9:21 p.m.12 views

dnsmasq: NSEC bitmap parsing infinite loop

A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...

7.5CVSS6.1AI score0.07237EPSS
Exploits0References5
redhat
redhat
added 2026/07/01 6:54 p.m.6 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00805EPSS
Exploits0References4
nvd
nvd
added 2026/07/01 11:16 a.m.12 views

CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS0.00248EPSS
Exploits0References4
osv
osv
added 2026/07/01 11:16 a.m.4 views

DEBIAN-CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/01 9:24 a.m.8 views

CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References5
cve
cve
added 2026/07/01 9:24 a.m.27 views

CVE-2026-14258

CVE-2026-14258 affects dhcpcd’s IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement with a zero-length ND option bypasses validation during packet storage and is reparsed with inadequate validation, causing the parser to enter a non-advancing loo...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References4
nessus
nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-6331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility...

7.5CVSS6.1AI score0.00147EPSS
Exploits0References3
redhat
redhat
added 2026/06/29 3:13 p.m.5 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00805EPSS
Exploits0References4
Rows per page
Query Builder