Lucene search
K

1789 matches found

RedhatCVE
RedhatCVE
added 2026/05/27 2:12 a.m.19 views

CVE-2026-7790

A flaw was found in ninenines cowlib, specifically within the cowhttpte module's chunked transfer-encoding parser. An unauthenticated remote attacker can exploit this by sending an HTTP/1.1 request containing a Transfer-Encoding: chunked header with an excessively long hexadecimal string in the...

8.7CVSS5.7AI score0.00431EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:57 a.m.11 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/27 1:57 a.m.34 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS0.00322EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 1:57 a.m.10 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 1:57 a.m.16 views

EUVD-2026-32040

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/27 1:57 a.m.8 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43476

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions 2.36.0 through 2.36.1 OpenStack Swift versions 2.37.0 through 2.37.1 Description The s3api middleware contains a flaw where the StreamingInput class enters an infinite loop when processing a truncated aws-chunked PUT...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

OpenStack Swift 安全漏洞

OpenStack Swift is an open-source distributed object storage system under OpenStack. There were security vulnerabilities in versions of OpenStack Swift prior to 2.36.2 and 2.37.2. These vulnerabilities stemmed from the s3api middleware handling truncated aws-chunked PUT request bodies, leading to...

7.1CVSS5.8AI score0.00322EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-44131

Name of the Vulnerable Software and Affected Versions crowdsec versions prior to 1.7.8 Description The AppSec component fails to read the HTTP request body when the Content-Length is not positive. This occurs specifically with HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests...

7.2CVSS5.9AI score0.00038EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/26 1:50 a.m.15 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.8AI score0.01127EPSS
Exploits1References6
Fedora
Fedora
added 2026/05/24 12:51 a.m.17 views

[SECURITY] Fedora 43 Update: python-pulp-glue-0.37.0-5.fc43

pulp-glue is a library to ease the programmatic communication with the Pulp3 API. It helps to abstract different resource types with so called contexts and allows to build or even provides complex workflows like chunked upload or waiting on tasks. It is built around an openapi3 parser to provide...

5.5CVSS5.8AI score0.00182EPSS
Exploits0
EUVD
EUVD
added 2026/05/22 8:49 p.m.10 views

EUVD-2026-31503

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

6.5CVSS5.8AI score0.00253EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016708 advisory. A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker t...

6.5CVSS6.7AI score0.01005EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

RockyLinux 8 : osbuild-composer (RLSA-2025:9844)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9844 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...

9.1CVSS5.8AI score0.00778EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2026/05/21 12:0 a.m.15 views

gdk-pixbuf2 security update

2.36.12-3.0.3 - Backport fixes for CVE-2026-5201 Orabug: 39288631 2.36.12-3.0.1 - jpeg: Be more careful with chunked icc data Orabug: 38359772CVE-2025-7345...

7.5CVSS7.1AI score0.01069EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

If a user opens a specially crafted PDF file, the PDF reader may be tricked into leaking cross-origin information, where this information is served as chunked data. This vulnerability affects Firefox versions earlier than 85, Thunderbird versions earlier than 78.7, and Firefox ESR versions earlie...

4.3CVSS6.6AI score0.01047EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Puma

Puma is a Ruby/Rack web server designed for parallelism. Prior to versions 6.3.1 and 5.6.7, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers, which could allow HTTP request smuggling. The severity of this issue heavily depends ...

9.8CVSS6.7AI score0.00738EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang-1.19

A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...

5.3CVSS6.8AI score0.01208EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Twisted

In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When a content-length and a chunked encoding header were provided, the content-length took precedence, and the remaining part of the request body was interpreted as a pipelined request...

9.8CVSS7.6AI score0.03298EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Puma

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies, which allowed HTTP request smuggling. The fixed versions limit the size of chunk extensions. Without this limitation, an...

7.5CVSS6.6AI score0.00958EPSS
Exploits0References2
Rows per page
Query Builder