RUSTSEC-2026-0153 Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

[SECURITY] [DSA 6266-1] nghttp2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6266-1 [email protected] https://www.debian.org/security/ Aron Xu May 14, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

SUSE CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

cowlib: Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

CVE-2026-43970

CVE-2026-43970 affects ninenines cowlib (cow_spdy:inflate/2) where peer-supplied SPDY payloads are passed directly to zlib:inflate/2 without an output-size bound. This can enable unauthenticated remote denial of service via memory exhaustion, as SPDY compression uses a public dictionary (?ZDICT) ...

CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

K000161131: NGINX ngx_http_proxy_v2_module vulnerability CVE-2026-42926

Security Advisory Description When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody , an attacker may be able to inject frame headers and payload bytes to the upstream peer. CVE-2026-42926 Impact This vulnerability allows a remot...

Snappier 安全漏洞

Snappier is a pure C version of the Google Snappy compression algorithm developed by Brant Burnett. Versions prior to Snappier 1.3.1 contained a security vulnerability; this vulnerability stemmed from the inability to escape an infinite loop that occurred when SnappierStream decompressed Snappy...

BIT-GOLANG-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017755 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Tenable ha...

SUSE CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-016795)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016795 advisory. spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled...

CVE-2026-43406

A flaw was found in libceph in the Linux kernel. A remote attacker could exploit this vulnerability by sending a maliciously crafted message frame. This manipulation, either by corrupting the control segment length or disguising a different frame as a message frame, can cause out-of-bounds reads...

CVE-2026-43387

A flaw was found in the Linux kernel's rtl8723bs Wi-Fi driver. This memory corruption vulnerability, specifically an out-of-bounds read, occurs because the driver does not properly validate the length of data in received network frames within the rtwgetieex function. A remote attacker could explo...

CVE-2026-43406 libceph: prevent potential out-of-bounds reads in process_message_header()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in processmessageheader If the message frame is maliciously corrupted in a way that the length of the control segment ends up being less than the size of the message header or a...

Linux Distros Unpatched Vulnerability : CVE-2026-43406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: prevent potential out-of-bounds reads in processmessageheader If the message frame is maliciously corrupted in a way that the length of the control...

CVE-2026-42469

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 OVMS3 3.3.005. In canformatcanswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames...

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...