11 matches found
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of fragmented WebSocket messages. An attacker can cause unbounded memory growth and...
CVE-2026-9675 undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...
PT-2026-50470
Name of the Vulnerable Software and Affected Versions undici version 8.1.0 Description The undici WebSocket client enforces maxPayloadSize on a per-frame basis but fails to enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream numerous small...
EUVD-2019-16155
Malware in sbrugna...
PT-2024-17221
Name of the Vulnerable Software and Affected Versions Rustls version 0.23.13 Description A flaw was found in Rustls and related APIs, allowing denial of service panic via a fragmented TLS ClientHello message. Recommendations For Rustls version 0.23.13, consider disabling the handling of fragmente...
kernel: TIPC message reassembly use-after-free remote code execution vulnerability
A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...
kernel: TIPC message reassembly use-after-free remote code execution vulnerability
A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...
kernel: TIPC message reassembly use-after-free remote code execution vulnerability
A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...
Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with TIPC bearer enabled are vulnerable. The specific flaw exists within the processing of fragmented TIPC...
An update that enables Internet Explorer in Windows Vista or in Windows Server 2008 to parse fragmented TLS/SSL handshake messages is available
An update that enables Internet Explorer in Windows Vista or in Windows Server 2008 to parse fragmented TLS/SSL handshake messages is available Warning: The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain...
OpenSSL DTLS Invalid Fragment Remote Code Execution (CVE-2014-0195)
A remote code execution vulnerability exists in OpenSSL. The vulnerability is due to an error when handling fragmented DTLS handshake messages. Successful exploitation can create a denial of service condition and may allow execution of arbitrary code within the context of the process using OpenSS...