212 matches found
CVE-2026-40092
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
CVE-2026-40092 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
EUVD-2026-31197
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
CVE-2026-40092
Summary: In Nimiq’s Rust-based stack, versions ≤ 1.3.0 of the nimiq-blockchain component are vulnerable to a crafted Kademlia DHT record containing a TaggedSigned with a signature field not exactly 64 bytes. When a victim node processes the record, the Ed25519 signature is parsed via Ed25519Signa...
CVE-2026-40092 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
Astra Linux - уязвимость в wireshark
A large loop exists in the Bluetooth DHT dissector in Wireshark versions 3.4.0 to 3.4.9, and 3.2.0 to 3.2.17, which allows for denial of service through packet injection or with crafted capture files...
GHSA-32MQ-HPPH-XFVR @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes
Summary An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted ke...
@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes
Summary An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted ke...
Improper Validation of Syntactic Correctness of Input
Overview @libp2p/kad-dht is a JavaScript implementation of the Kad-DHT for libp2p Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the verifyRecord function that leads to the unlimited message processing since rate limits are applied onl...
PT-2026-42028
Summary An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT VALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted k...
nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT
Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...
openSUSE 16 Security Update : wireshark (openSUSE-SU-2026:20685-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20685-1 advisory. This update for wireshark fixes the following issues - CVE-2026-3201: missing limit checks in USB HID protocol dissector's parsereportdescriptor...
OESA-2026-2226 wireshark security update
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...
CVE-2026-5408
A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the BT-DHT protocol dissector, leading to a crash. This denial of service DoS vulnerability could prevent the application from processing network traffic, impacting its availability. Mitigation To mitigate this...
Astra Linux - уязвимость в glusterfs
In Gluster GlusterFS 11.0, there is a use-after-free in the file xlators/cluster/dht/src/dht-common.c at the dhtsetxattrmdscbk function...
Astra Linux - уязвимость в wireshark
An infinite loop in the BitTorrent DHT dissector in Wireshark versions 3.6.0, 3.4.0, and 3.4.10 allows for denial of service through packet injection or malicious capture files...
SUSE CVE-2026-5408
BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
Wireshark 4.4.x < 4.4.15 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 4.4.15. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.4.15 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of servic...
Wireshark 4.4.x < 4.4.15 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.4.15. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.4.15 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial ...
CVE-2026-5408
BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...