CVE-2026-49754

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

CVE-2026-47077

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

EEF-CVE-2026-47077 Unbounded body accumulation in HTTP/3 response loop in hackney

Summary Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every receive...

EUVD-2026-31688

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

Astra Linux - уязвимость в unbound

The DNS protocol in RFC 1035 and its updates allows remote attackers to cause a denial of service resource consumption by arranging for DNS queries to be accumulated over seconds. As a result, responses are sent in a pulsing burst, which can be considered traffic amplification in some cases. This...

Astra Linux - уязвимость в pillow

A issue was discovered in Pillow prior to version 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to handle any combination of \r and \n as line endings. This implementation uses a quadratic method of accumulating lines while searching for a line ending. A malicious EPS...

CVE-2026-31704

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use checkaddoverflow to prevent u16 DACL size overflow setposixaclentriesdacl and setntacldacl accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past 65535, causin...

CVE-2026-31704

CVE-2026-31704 affects the Linux kernel’s ksmbd ACL handling. The vulnerability arises when accumulating ACL entry sizes uses 16-bit counters (u16) in set_posix_acl_entries_dacl() and set_ntacl_dacl(), allowing wraparound past 65535 and causing pointer arithmetic on pndace to land within already-...

EUVD-2026-26513

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use checkaddoverflow to prevent u16 DACL size overflow setposixaclentriesdacl and setntacldacl accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past 65535, causin...

PT-2026-36334

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the functions set posix acl entries dacl and set ntacl dacl accumulate Access Control Entry ACE sizes using u16 variables. When a file contains numerous POSIX ACL...

SUSE CVE-2026-33594

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

Rigorous Security Proofs for Practical Quantum Key Distribution

This thesis is concerned with rigorous security analyses of practical Quantum Key Distribution QKD protocols, using a variety of modern proof techniques. The main results are as follows. First, we establish a security proof for variable-length QKD protocols against IID collective attacks, and...

EUVD-2026-24931

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

net/x25: Fix overflow when accumulating packets

...

EUVD-2026-21938

In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that x25sock.fraglen does not overflow. The fraglen also needs to be resetted when purging fragmentqueue in x25clearqueues...

CVE-2026-31417

In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that x25sock.fraglen does not overflow. The fraglen also needs to be resetted when purging fragmentqueue in x25clearqueues...

UBUNTU-CVE-2026-31417

In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that x25sock.fraglen does not overflow. The fraglen also needs to be resetted when purging fragmentqueue in x25clearqueues...

CVE-2026-31417

In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that x25sock.fraglen does not overflow. The fraglen also needs to be resetted when purging fragmentqueue in x25clearqueues...

undici 安全漏洞

Undici is an open-source HTTP/1.1 client developed by Node.js. Undici has a security vulnerability, where the response data from repeated requests may accumulate in memory, potentially leading to denial-of-service attacks...