Lucene search
K

125 matches found

CVE
CVE
added 5 days ago8 views

CVE-2026-55213

CVE-2026-55213 (h2o HTTP server) – Affected component: lib/http3/qpack.c, invoked while processing a QPACK instruction over HTTP/3. Root cause: on-stack allocation of a large buffer (up to ~800 KB) via alloca, exceeding default musl libc pthread stack size, leading to a segmentation fault when to...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-55213 h2o: musl libc stack overflow (QPACK)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS0.00343EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 3:17 p.m.3 views

DEBIAN-CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 3:17 p.m.12 views

CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS0.001EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 3:17 p.m.3 views

UBUNTU-CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS5.9AI score0.001EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:9 p.m.4 views

CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS5.8AI score0.001EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 2:9 p.m.8 views

EUVD-2026-41007

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS5.8AI score0.001EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 2:9 p.m.38 views

CVE-2026-14330 Pipewire: pulse server alloca stack overflow

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS0.001EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/01 2:9 p.m.5 views

CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server. Mitigation No practical mitigation beyond upgrading. The PulseAudio protocol server is a core module required for PulseAudio application compatibility...

5.5CVSS5.8AI score0.001EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 5:51 a.m.10 views

BIT-MYSQL-CLIENT-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

6.5CVSS5.5AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 5:48 a.m.10 views

BIT-MARIADB-MIN-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

6.5CVSS5.5AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 5:48 a.m.12 views

BIT-MARIADB-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

6.5CVSS5.5AI score0.00256EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2026/05/29 12:0 a.m.6 views

h2o -- stack overflow serving static files on musl libc

h2o project reports: When serving static files, h2o can allocate a file path on the stack using alloca. On systems using musl libc, a large allocation can exceed the default pthread stack size and crash the server, causing a denial of service...

5.5AI score0.00052EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: Unsafe use of alloca in rb_str_format()

The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...

7.8CVSS6.9AI score0.0428EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/04/13 11:25 p.m.6 views

SUSE CVE-2026-40393

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...

6.8CVSS5.8AI score0.00427EPSS
Exploits0References12
CVE
CVE
added 2026/04/12 6:49 p.m.129 views

CVE-2026-40393

In Mesa, WebGPU is affected by out-of-bounds memory access in versions prior to 25.3.6 (and 26 prior to 26.0.1) due to untrusted input deciding the amount of data to allocate for alloca. The issue can lead to a high-severity impact and is exploitable over the network. A patched version is availab...

9.8CVSS5.8AI score0.00427EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/12 6:49 p.m.3 views

CVE-2026-40393

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...

8.1CVSS5.8AI score0.00427EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.1 views

ruby: Unsafe use of alloca in rb_str_format()

The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...

7.8CVSS6.9AI score0.0428EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.2 views

ruby: Unsafe use of alloca in rb_str_format()

The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...

7.8CVSS6.9AI score0.0428EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.5 views

SUSE CVE-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References3
Rows per page
Query Builder