Lucene search
+L

349 matches found

CVE
CVE
added yesterday11 views

CVE-2026-54490

CVE-2026-54490 involves the websocket-driver library. Prior to version 0.7.5, when used with the permessage-deflate extension, the message size check was based on the compressed frame length rather than the decompressed size, allowing a WebSocket server/client to accept messages larger than the c...

6.3CVSS5.3AI score
Exploits0References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-54464 websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-54464

The CVE-2026-54464 issue affects the websocket-driver Ruby library. When used with the permessage-deflate extension, WebSocket servers/clients can accept messages larger than the configured maximum because length checks use the compressed data size (frame length headers) instead of the decompress...

6.3CVSS5.3AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 3 days ago9 views

websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago8 views

websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score
Exploits0References5Affected Software1
OSV
OSV
added 3 days ago5 views

GHSA-33PH-FCCM-39PJ websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-60382

Name of the Vulnerable Software and Affected Versions websocket-driver versions prior to 0.7.5 Description When used with the permessage-deflate extension, a WebSocket server or client may accept messages exceeding the configured maximum message size. This occurs because the size limit is validat...

6.3CVSS5.3AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-15709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in...

7.5CVSS6.1AI score0.00548EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-60379

Name of the Vulnerable Software and Affected Versions affected versions not specified Description When used with the permessage-deflate extension, a WebSocket server or client may accept messages exceeding the configured maximum size. This occurs because the size limit is validated against the...

6.3CVSS5.3AI score
Exploits0References8
NVD
NVD
added 4 days ago5 views

CVE-2026-15709

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...

7.5CVSS0.00548EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-15709 Soupwebsocketextensiondeflate: libsoup: libsoup: websocket permessage-deflate unbounded decompression remote denial of service

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...

7.5CVSS0.00548EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-15709

The CVE concerns libsoup's WebSocket permessage-deflate implementation. The decompression loop (inflate()) can allocate memory without an upper bound, as output size is not bounded during decompression even though max_incoming_payload_size limits input frames. A separate check for decompressed si...

7.5CVSS6.1AI score0.00548EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago9 views

CVE-2026-15709

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...

7.5CVSS6.1AI score0.00548EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References4
Snyk
Snyk
added 2026/07/08 8:21 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the permessage-deflate extension. An attacker can cause the application to process messages that exceed the intended resource limits by sending compressed messages that, when...

6.3CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/08 8:16 p.m.3 views

DEBIAN-CVE-2026-59939

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References1
NVD
NVD
added 2026/07/08 8:16 p.m.5 views

CVE-2026-59939

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS0.00358EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/08 7:34 p.m.31 views

CVE-2026-59939 httplib2: Decompression Bomb Denial of Service via Unbounded gzip/deflate Response Handling

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS0.00358EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/07/08 7:34 p.m.14 views

CVE-2026-59939

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS6AI score0.00358EPSS
Exploits1
CVE
CVE
added 2026/07/08 7:34 p.m.9 views

CVE-2026-59939

The CVE-2026-59939 affects the Python httplib2 library prior to 0.32.0. The root cause is unbounded decompression of HTTP response bodies encoded with gzip or deflate in _decompressContent, allowing a malicious server to send a small compressed payload that expands to very large in-memory size, l...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder