
7 matches found

Snyk
added 2026/04/16 10:41 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of validation on attacker-controlled counts and lengths in the SPDY/3 frame parser. An attacker can exhaust process memory and cause an out-of-memory crash by sending ...

CVSS 8.7 | AI score 5.4 | EPSS 0.00656
Exploits: 0 | References: 2
CVE
added 2026/04/16 9:19 p.m. | 65 views

CVE-2026-35469

spdystream is a Go library for SPDY multiplexing. In versions ≤ 0.5.0, the SPDY/3 frame parser allocates memory for SETTINGS counts, header counts, and header field sizes without proper bounds checking, enabling large on-the-wire values to exhaust memory via crafted control frames. A remote peer ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00656
Exploits: 0 | References: 50
AlpineLinux
added 2026/04/16 9:19 p.m. | 9 views

CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00656
Exploits: 0
CNNVD
added 2026/04/16 12:00 a.m. | 9 views

SpdyStream Security Vulnerability

SpdyStream is a SPDY-based multiplexing stream processing library developed by Moby. Versions of SpdyStream prior to 0.5.0 contain security vulnerabilities. These vulnerabilities stem from the SPDY/3 frame parser not verifying the count and length of the frame before allocating memory. This allow...

CVSS 8.7 | AI score 5.9 | EPSS 0.00656
Exploits: 0 | References: 1
BDU FSTEC
added 2016/08/31 12:00 a.m. | 7 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability in the CORE/SYS/legacy/src/utils/src/dot11f.c file of Qualcomm’s Android operating system is a buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted control information element IE in the 802.11...

CVSS 10 | AI score 8.6 | EPSS 0.0252
Exploits: 0 | References: 3 | Affected Software: 1
Check Point Advisories
added 2014/12/28 12:00 a.m. | 7 views

Asterisk chan_iax2 IAX2 Control Frame LAGR Denial of Service - Ver2 (CVE-2007-3763)

A denial-of-service vulnerability has been reported in Asterisk AsteriskNOW, Asterisk Appliance Developer Kit and Asterisk S800i Appliance. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

CVSS 5 | AI score 4.2 | EPSS 0.2656
Exploits: 2
Debian CVE
added 2011/07/06 7:00 p.m. | 29 views

CVE-2011-2535

chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a deni...

CVSS 5 | AI score 7.2 | EPSS 0.04612
Exploits: 0