Lucene search
K

1789 matches found

debiancve
debiancve
added 2026/05/29 7:14 p.m.18 views

CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1
osv
osv
added 2026/05/29 7:16 a.m.10 views

UBUNTU-CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/05/29 5:24 a.m.11 views

CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References4
euvd
euvd
added 2026/05/29 5:24 a.m.19 views

EUVD-2026-33249

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References3
cve
cve
added 2026/05/29 5:24 a.m.34 views

CVE-2026-6324

Affected software: libsoup. Vulnerability: unsigned-to-signed conversion error in soup_body_input_stream_read_chunked(). Impact: remote attacker can bypass security controls, poison web caches, or gain unauthorized access when libsoup sits behind or fronts a non-libsoup server. Context: exploit v...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.13 views

cpp-httplib 安全漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.43.4 contained security vulnerabilities. These vulnerabilities stemmed from negative chunk sizes in chunked transmission encoding, leading to unbounded...

7.5CVSS5.8AI score0.00327EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.11 views

libsoup 安全漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from an error in the unsigned-to-signed conversion in the soupbodyinputstreamreadchunked function. This vulnerability could allow remote attackers to bypass security controls by sending...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References4
nessus
nessus
added 2026/05/29 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-6324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References3
hackerone
hackerone
added 2026/05/28 6:53 p.m.24 views

curl: Proxy CONNECT response poisoning via authentication retry in cf-h1-proxy.c (libcurl)

Summary: When an HTTP/1.x proxy returns a 407 with no Content-Length and no chunked transfer-encoding, lib/cf-h1-proxy.c singleheader sets ts-keepon = KEEPONDONE but never sets ts-closeconnection = TRUE. Because ts-closeconnection and conn-bits.close both stay false, the CONNECT tunnel state...

5.8AI score
Exploits0
nessus
nessus
added 2026/05/28 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-49017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInp...

7.1CVSS5.8AI score0.00322EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.12 views

CVE-2026-39806

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

8.7CVSS5.8AI score0.00637EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.11 views

CVE-2026-39803

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':readdata/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...

8.7CVSS5.8AI score0.00642EPSS
Exploits1References1
osv
osv
added 2026/05/27 7:58 p.m.7 views

GHSA-RW47-HM26-6WR7 CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests

Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...

7.2CVSS5.9AI score0.00038EPSS
Exploits0References2
github
github
added 2026/05/27 7:58 p.m.14 views

CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests

Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...

5.9AI score0.00038EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/05/27 2:16 a.m.13 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS0.00322EPSS
Exploits0References5
osv
osv
added 2026/05/27 2:16 a.m.9 views

DEBIAN-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/05/27 2:16 a.m.19 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References4
osv
osv
added 2026/05/27 2:16 a.m.13 views

UBUNTU-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/05/27 2:12 a.m.19 views

CVE-2026-7790

A flaw was found in ninenines cowlib, specifically within the cowhttpte module's chunked transfer-encoding parser. An unauthenticated remote attacker can exploit this by sending an HTTP/1.1 request containing a Transfer-Encoding: chunked header with an excessively long hexadecimal string in the...

8.7CVSS5.7AI score0.00431EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/27 1:57 a.m.34 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS0.00322EPSS
Exploits0References3
Rows per page
Query Builder