Lucene search
K

11 matches found

Snyk
Snyk
added 2026/06/17 6:21 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of fragmented WebSocket messages. An attacker can cause unbounded memory growth and...

8.7CVSS6.5AI score0.00426EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 4:20 p.m.23 views

CVE-2026-9675 undici WebSocket client vulnerable to denial of service via cumulative fragment bypass

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...

7.5CVSS0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50470

Name of the Vulnerable Software and Affected Versions undici version 8.1.0 Description The undici WebSocket client enforces maxPayloadSize on a per-frame basis but fails to enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream numerous small...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-16155

Malware in sbrugna...

7.5CVSS7.6AI score0.01376EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.3 views

PT-2024-17221

Name of the Vulnerable Software and Affected Versions Rustls version 0.23.13 Description A flaw was found in Rustls and related APIs, allowing denial of service panic via a fragmented TLS ClientHello message. Recommendations For Rustls version 0.23.13, consider disabling the handling of fragmente...

8.8CVSS6AI score0.00707EPSS
Exploits4References36
RedHat Linux
RedHat Linux
added 2024/08/13 10:8 a.m.4 views

kernel: TIPC message reassembly use-after-free remote code execution vulnerability

A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...

8.1CVSS7.7AI score0.01305EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/08/08 4:53 a.m.4 views

kernel: TIPC message reassembly use-after-free remote code execution vulnerability

A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...

8.1CVSS7.7AI score0.01305EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/07/10 12:18 a.m.5 views

kernel: TIPC message reassembly use-after-free remote code execution vulnerability

A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...

8.1CVSS7.7AI score0.01305EPSS
Exploits1References6
Zero Day Initiative
Zero Day Initiative
added 2024/06/20 12:0 a.m.37 views

Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with TIPC bearer enabled are vulnerable. The specific flaw exists within the processing of fragmented TIPC...

9CVSS7.3AI score0.01305EPSS
Exploits1References1
Microsoft KB
Microsoft KB
added 2020/04/10 12:0 a.m.9 views

An update that enables Internet Explorer in Windows Vista or in Windows Server 2008 to parse fragmented TLS/SSL handshake messages is available

An update that enables Internet Explorer in Windows Vista or in Windows Server 2008 to parse fragmented TLS/SSL handshake messages is available Warning: The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain...

6.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/06/05 12:0 a.m.6 views

OpenSSL DTLS Invalid Fragment Remote Code Execution (CVE-2014-0195)

A remote code execution vulnerability exists in OpenSSL. The vulnerability is due to an error when handling fragmented DTLS handshake messages. Successful exploitation can create a denial of service condition and may allow execution of arbitrary code within the context of the process using OpenSS...

6.8CVSS4AI score0.99977EPSS
Exploits4
Rows per page
Query Builder