5 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of validation on attacker-controlled counts and lengths in the SPDY/3 frame parser. An attacker can exhaust process memory and cause an out-of-memory crash by sending ...
CVE-2026-35469
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...
CVE-2026-35469
spdystream is a Go library for SPDY multiplexing. In versions ≤ 0.5.0, the SPDY/3 frame parser allocates memory for SETTINGS counts, header counts, and header field sizes without proper bounds checking, enabling large on-the-wire values to exhaust memory via crafted control frames. A remote peer ...
SpdyStream 安全漏洞
SpdyStream is a SPDY-based multiplexing stream processing library developed by Moby. Versions of SpdyStream prior to 0.5.0 contain security vulnerabilities. These vulnerabilities stem from the SPDY/3 frame parser not verifying the count and length of the frame before allocating memory. This allow...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the CORE/SYS/legacy/src/utils/src/dot11f.c file in Qualcomm’s Android operating system lies in buffer overflow attacks. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted control information element IE in the 802.11...