Lucene search
K

7 matches found

NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2025-53114

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS0.00384EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/18 4:25 p.m.19 views

CVE-2025-53114 CometD has acknowledgement extension out of memory

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS0.00384EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:25 p.m.5 views

CVE-2025-53114

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS5.2AI score0.00384EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/06/18 4:25 p.m.27 views

CVE-2025-53114

Affected software: CometD server implementations. A vulnerability arises when clients consistently set ext.ack to 1 during /meta/connect while the acknowledgement extension is enabled, causing the unacknowledged message queue to grow without bound and potentially trigger OutOfMemoryError. Affecte...

7.5CVSS5.2AI score0.00384EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/10 4:46 p.m.15 views

Acknowledgement extension out of memory

Impact Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send: json "channel": "/meta/connect",...

7.5CVSS5.5AI score0.00384EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/10 4:46 p.m.11 views

GHSA-CQGJ-H8VF-4W59 Acknowledgement extension out of memory

Impact Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send: json "channel": "/meta/connect",...

7.5CVSS5.5AI score0.00384EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48527

Name of the Vulnerable Software and Affected Versions CometD versions 5.0.x CometD versions 6.0.x CometD versions 8.0.x Description Improper handling of the acknowledgement extension allows malicious clients to cause a server outage. By consistently sending a fixed batch value in the ext paramete...

7.5CVSS5.5AI score0.00384EPSS
Exploits0References11
Rows per page
Query Builder