Lucene search
K

651 matches found

Vulnrichment
Vulnrichment
added 2026/06/08 2:12 p.m.9 views

CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...

8.7CVSS5.8AI score0.00381EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 2:12 p.m.43 views

CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...

8.7CVSS0.00381EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 2:12 p.m.35 views

CVE-2026-43973

CVE-2026-43973 concerns the Erlang/Elixir library gun_http in the Gun framework. The vulnerability is an uncontrolled resource consumption: three code paths in gun_http:handle/5 accumulate TCP data into a connection buffer using binary concatenation with no upper bound. If a malicious server send...

8.7CVSS5.8AI score0.00381EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 2:12 p.m.9 views

EUVD-2026-35074

Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...

8.7CVSS5.8AI score0.00381EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 2:12 p.m.9 views

EEF-CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

Summary Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary...

8.7CVSS5.8AI score0.00381EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

Gun 安全漏洞

Gun is an open-source Erlang HTTP client developed by Nine Nines, supporting HTTP/1.1, HTTP/2, and WebSocket. Versions of Gun from 1.0.0 to 2.4.0 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled resource consumption in the gunhttp module, which could allow...

8.7CVSS5.3AI score0.00381EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47299

Name of the Vulnerable Software and Affected Versions ninenines gun versions 1.0.0 through 2.3.x Description Uncontrolled Resource Consumption in the gun http module allows a malicious server to exhaust client memory through unbounded HTTP/1.1 response buffering. In the handle/5 function, three...

8.7CVSS5.7AI score0.00381EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2026-2031)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short...

7.5CVSS5.9AI score0.00844EPSS
Exploits1References8
EUVD
EUVD
added 2026/05/27 12:56 p.m.12 views

EUVD-2026-32397

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

5.9AI score0.00122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43883

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A NULL pointer dereference issue exists in the remoteproc xlnx component. The system may crash if the receive callback does...

5.5CVSS6.2AI score0.00122EPSS
Exploits0
NVD
NVD
added 2026/05/25 3:16 p.m.16 views

CVE-2026-47077

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

8.2CVSS0.00703EPSS
Exploits1References4
OSV
OSV
added 2026/05/25 2:0 p.m.7 views

EEF-CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney

Summary Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffe...

8.7CVSS5.9AI score0.00825EPSS
Exploits1References4
OSV
OSV
added 2026/05/22 1:17 p.m.11 views

OESA-2026-2385 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through...

7.5CVSS7.3AI score0.00673EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/21 5:0 p.m.17 views

CVE-2026-42934

A flaw was found in the ngxhttpcharsetmodule module of NGINX. When charset, sourcecharset, charsetmap and proxypass with disabled buffering "off" directives are configured, an unauthenticated attacker can send crafted requests and cause a heap-based buffer over-read in the worker process, resulti...

6.3CVSS6AI score0.00717EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...

6.5CVSS6.6AI score0.00332EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...

6.5CVSS6.6AI score0.00325EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 7:23 p.m.13 views

GHSA-9Q9Q-324X-93R2 Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`

Summary Bandit's HTTP/1 chunked-body reader silently drops the request size cap that the application configures e.g. Plug.Parsers' default 8 MB length: and buffers the entire body in memory before the application sees it. An unauthenticated attacker can crash any Bandit-fronted Phoenix/Plug app...

8.7CVSS5.8AI score0.00642EPSS
Exploits1References6
Snyk
Snyk
added 2026/05/18 2:7 a.m.14 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in various respons.text invocations in response-handler.ts, which accept and buffer arbitrarily long request strings. Functions like createJsonResponseHandler and...

6.9CVSS5.9AI score0.00561EPSS
Exploits1References2
OSV
OSV
added 2026/05/15 2:2 p.m.6 views

OESA-2026-2328 compat-openssl11 security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes c...

7.5CVSS6.1AI score0.00844EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/05/14 3:1 a.m.13 views

SUSE CVE-2026-42934

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

4.8CVSS5.9AI score0.00717EPSS
Exploits0References6
Rows per page
Query Builder