125 matches found
CVE-2026-55213
CVE-2026-55213 (h2o HTTP server) – Affected component: lib/http3/qpack.c, invoked while processing a QPACK instruction over HTTP/3. Root cause: on-stack allocation of a large buffer (up to ~800 KB) via alloca, exceeding default musl libc pthread stack size, leading to a segmentation fault when to...
CVE-2026-55213 h2o: musl libc stack overflow (QPACK)
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...
DEBIAN-CVE-2026-14330
Multiple unbounded alloca calls in the PulseAudio protocol server...
CVE-2026-14330
Multiple unbounded alloca calls in the PulseAudio protocol server...
UBUNTU-CVE-2026-14330
Multiple unbounded alloca calls in the PulseAudio protocol server...
CVE-2026-14330
Multiple unbounded alloca calls in the PulseAudio protocol server...
EUVD-2026-41007
Multiple unbounded alloca calls in the PulseAudio protocol server...
CVE-2026-14330 Pipewire: pulse server alloca stack overflow
Multiple unbounded alloca calls in the PulseAudio protocol server...
CVE-2026-14330
Multiple unbounded alloca calls in the PulseAudio protocol server. Mitigation No practical mitigation beyond upgrading. The PulseAudio protocol server is a core module required for PulseAudio application compatibility...
BIT-MYSQL-CLIENT-2026-35549
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...
BIT-MARIADB-MIN-2026-35549
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...
BIT-MARIADB-2026-35549
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...
h2o -- stack overflow serving static files on musl libc
h2o project reports: When serving static files, h2o can allocate a file path on the stack using alloca. On systems using musl libc, a large allocation can exceed the default pthread stack size and crash the server, causing a denial of service...
ruby: Unsafe use of alloca in rb_str_format()
The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...
SUSE CVE-2026-40393
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...
CVE-2026-40393
In Mesa, WebGPU is affected by out-of-bounds memory access in versions prior to 25.3.6 (and 26 prior to 26.0.1) due to untrusted input deciding the amount of data to allocate for alloca. The issue can lead to a high-severity impact and is exploitable over the network. A patched version is availab...
CVE-2026-40393
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...
ruby: Unsafe use of alloca in rb_str_format()
The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...
ruby: Unsafe use of alloca in rb_str_format()
The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...
SUSE CVE-2026-35549
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...