12 matches found
CVE-2026-49361
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
CVE-2026-49361
CVE-2026-49361: Apache Fluss Netty frame-decoder memory exhaust vulnerability . Affected: Apache Fluss (incubating) versions prior to 0.9.1 (0.8.0 and 0.9.0). Root cause: Netty LengthFieldBasedFrameDecoder configured with Integer.MAX_VALUE as the maximum frame length. Impact: unauthenticated remo...
CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
CVE-2026-49361
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
EUVD-2026-33600
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
PT-2026-45385
Name of the Vulnerable Software and Affected Versions Apache Fluss versions prior to 0.9.1 Description The Netty LengthFieldBasedFrameDecoder is configured with Integer.MAX VALUE as the maximum frame length. This allows unauthenticated remote attackers to exhaust JVM heap memory on TabletServer a...
Stadt Land Fluss Duell - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss Duell published at the 'play' market has multiple vulnerabilities...
Stadt Land Fluss (Chromecast) - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss Chromecast published at the 'play' market has multiple vulnerabilities...
Stadt Land Fluss Multiplayer - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss Multiplayer published at the 'play' market has multiple vulnerabilities...
Stadt Land Fluss Duell - ContentProvider mode not defined, Dynamic Code Loading, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss Duell published at the 'play' market has multiple vulnerabilities...
Stadt Land Fluss - Dynamic Code Loading, External URLs, Possible privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss published at the 'play' market has multiple vulnerabilities...