Lucene search
K

238 matches found

OSV
OSV
added 2026/06/29 5:40 a.m.4 views

BIT-HAPROXY-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 12:21 p.m.4 views

SUSE-SU-2026:2652-1 Security update for haproxy

This update for haproxy fixes the following issues - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference vulnerability in hpackdhtinsert within...

9.1CVSS6AI score0.00431EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 12:18 p.m.3 views

SUSE-SU-2026:2651-1 Security update for haproxy

This update for haproxy fixes the following issues - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference vulnerability in hpackdhtinsert within...

9.1CVSS6AI score0.00431EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52922

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...

7.5CVSS0.00394EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 7:14 a.m.8 views

EUVD-2026-38725

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...

5.8AI score0.00394EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51715

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv dat forward data function calls pskb copy for clone to duplicate an skb for each DHT candidate without verifying the return valu...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-52922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the...

7.5CVSS6AI score0.00394EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 4:5 p.m.2 views

CVE-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS6AI score0.00431EPSS
Exploits0References5
CVE
CVE
added 2026/06/18 4:5 p.m.34 views

CVE-2026-55204

HAProxy CVE-2026-55204 affects HAProxy up to version 3.4.0. It describes a null pointer dereference in the function hpack_dht_insert (in src/hpack-tbl.c) that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. Under memory pressure, HPACK dynamic table ins...

8.7CVSS5.3AI score0.00431EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/18 4:5 p.m.11 views

CVE-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.3AI score0.00431EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-44505

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...

5.3CVSS5.5AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-46541

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handledhtget, the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails from a malicious DHT...

7.5CVSS5.4AI score0.00346EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.12 views

CVE-2026-45783

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 9:9 p.m.32 views

CVE-2026-45783 libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS0.00354EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:9 p.m.11 views

EUVD-2026-36153

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 9:9 p.m.8 views

CVE-2026-45783 libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 9:9 p.m.3 views

CVE-2026-45783 libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS6AI score0.00354EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 12:16 a.m.14 views

CVE-2026-46541

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handledhtget, the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails from a malicious DHT...

7.5CVSS0.00346EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:45 p.m.22 views

CVE-2026-46541

CVE-2026-46541 (Nimiq network-libp2p): Before 1.4.0, DHT handling in handle_dht_get() sometimes did not initialize the DhtResults accumulator if the first DHT record failed verification. This caused all subsequent valid records to be discarded with “DHT inconsistent state” errors, enabling potent...

7.5CVSS5.4AI score0.00346EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:44 p.m.21 views

CVE-2026-44505

The CVE affects Nimiq’s network-libp2p component (Rust) used in the Albatross-based PoS implementation. Before v1.4.0, when a peer returns a FoundRecord, the code verified the record via dht_verifier.verify and, on verifier error, logged and returned early without completing the oneshot used by N...

5.3CVSS5.5AI score0.00297EPSS
Exploits0References3
Rows per page
Query Builder