20 matches found
SUSE CVE-2026-22776
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...
CVE-2026-22776
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...
CVE-2026-22776
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...
CVE-2026-22776
CVE-2026-22776 affects cpp-httplib prior to 0.30.1. The DoS arises from unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.); the implementation validates payload_max_length against the compressed data size but does not cap the decompressed data in memory. This can...
CVE-2026-22776 cpp-httplib vulnerable to a denial of service (DOS) using a zip bomb
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...
Linux Distros Unpatched Vulnerability : CVE-2026-22776
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in...
PT-2026-2292
Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.30.1 Description A potential denial of service DoS condition exists in cpp-httplib due to the way it handles compressed HTTP request bodies, specifically those using gzip or br compression. The library checks th...
Rocky Linux 9 : skopeo (RLSA-2024:2549)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2549 advisory. - The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshalin...
Denial Of Service (DoS)
JWX is vulnerable to Denial of Service DoS. The vulnerability is caused due improper checking of the decompressed data size, allowing an attacker to craft a malicious input with an exceptionally high compression ratio, leading to a Denial of Service DoS condition by consuming excessive memory...
GHSA-HJ3V-M684-V259 JWX vulnerable to a denial of service attack using compressed JWE message
Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
Out-of-bounds
DISPUTED An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occ...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...
Denial Of Service (DoS) Via Zip Bomb
akka-http is vulnerable to denial of service via a Zip Bomb. The vulnerability is caused by the application not having size limitations on decompressed data from the directives decodeRequest and decodeRequestWith or when using them in combination with directives like entityas, toStrict, or...