Lucene search
K

20 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 2:22 p.m.14 views

undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS5.9AI score0.00759EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/19 2:22 p.m.5 views

NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass

NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

7.5CVSS5.8AI score0.00759EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/17 4:5 p.m.2 views

CVE-2026-12151 undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS7.1AI score0.00759EPSS
Exploits0References14
CVE
CVE
added 2026/06/17 4:5 p.m.187 views

CVE-2026-12151

The CVE affects the undici WebSocket client (and WebSocketStream API) where maxPayloadSize is enforced per-frame but there is no limit on the number of fragments in a message. A malicious server can send many small or empty continuation frames, each passing validation, causing unbounded memory gr...

7.5CVSS5.3AI score0.00759EPSS
Exploits0References14Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/17 4:5 p.m.9 views

CVE-2026-12151 undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS5.3AI score0.00759EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 4:5 p.m.33 views

CVE-2026-12151 undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS0.00759EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/12/17 7:48 a.m.5 views

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

5.5CVSS6.9AI score0.00177EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/12/04 12:50 p.m.10 views

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

5.5CVSS6.9AI score0.00177EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/12 3:8 p.m.7 views

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

5.5CVSS6.9AI score0.00177EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.4 views

PT-2025-51566

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue in the net/mlx5e component related to handling XDP programs and skb socket buffer generation. XDP programs can modify the layout of an xdp buff using t...

6.1CVSS5.5AI score0.00168EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/09/18 11:38 p.m.10 views

SUSE CVE-2023-53354

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

5.5CVSS6.7AI score0.00177EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/09/17 5:26 p.m.7 views

CVE-2023-53354

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

7CVSS5.8AI score0.00177EPSS
Exploits0References4
NVD
NVD
added 2025/09/17 3:15 p.m.4 views

CVE-2023-53354

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

5.5CVSS0.00177EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/09/17 2:56 p.m.3 views

CVE-2023-53354 skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

6AI score0.00177EPSS
Exploits0References8
OSV
OSV
added 2025/09/17 2:56 p.m.4 views

CVE-2023-53354 skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

5.5CVSS5.5AI score0.00177EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2025/09/17 2:56 p.m.3 views

CVE-2023-53354

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

5.5CVSS5.5AI score0.00177EPSS
Exploits0
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to properly handle fragment count changes in the skbsegment function, which could result in a nu...

5.5CVSS5.9AI score0.00177EPSS
Exploits0References9
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: Allow for small head cache usage with large MAXSKBFRAGS values. Sabrina reported the following error: WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netifnapiaddweightlocked+0x8f2/0xba0 Modules linked in: CPU: 0 UID: 0 PID...

5.5CVSS6.4AI score0.00176EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/10/16 12:28 a.m.4 views

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

5.5CVSS6.9AI score0.00177EPSS
Exploits0References5
OSV
OSV
added 2024/06/19 2:15 p.m.23 views

UBUNTU-CVE-2024-38586

In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently...

7.8CVSS6.3AI score0.00252EPSS
Exploits0References20
Rows per page
Query Builder