
3881 matches found

AstraLinux
added 5 days ago, 6 views

Astra Linux – Vulnerability in nghttp2

nghttp2 is an implementation of the Hypertext Transfer Protocol Version 2 in C. The nghttp2 library prior to version 1.61.0 continued to read an unlimited number of HTTP/2 CONTINUATION frames even after a stream was reset, in order to keep the HPACK context synchronized. This caused excessive CPU...

CVSS 5.3, AI score 7, EPSS 0.8496
Exploits: 1, References: 2

AstraLinux
added 5 days ago, 6 views

Astra Linux – Vulnerability in Netty

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty was vulnerable to MadeYouReset DDoS attacks. This is a logical vulnerability in the HTTP/2 protocol, which exploits malformed HTTP/2 control frames to circumvent the maximu...

CVSS 8.2, AI score 6.7, EPSS 0.00979
Exploits: 1, References: 2

NVD
added 6 days ago, 14 views

CVE-2026-56099

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

CVSS 6.9, EPSS 0.00356
Exploits: 1, References: 5

EUVD
added 6 days ago, 9 views

EUVD-2026-37938

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

CVSS 6.9, AI score 5.3, EPSS 0.00356
Exploits: 1, References: 3

Cvelist
added 6 days ago, 17 views

CVE-2026-56099 OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

CVSS 6.9, EPSS 0.00356
Exploits: 1, References: 3

CVE
added 6 days ago, 19 views

CVE-2026-56099

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read in sys/netmpls/mpls_input.c:mpls_do_error, allowing remote disclosure of kernel stack memory by crafting MPLS frames with 16 labels and no Bottom-of-Stack bit. Affected component is the MPLS input handling path; root cause ...

CVSS 6.9, AI score 5.3, EPSS 0.00356
Exploits: 1, References: 5

Positive Technologies
added 6 days ago, 12 views

PT-2026-50785

Name of the Vulnerable Software and Affected Versions: OpenBSD versions prior to commit 6a23123. Description: An out-of-bounds read exists in the mpls_do_error function within sys/netmpls/mpls_input.c. Remote attackers can disclose kernel stack memory by sending crafted MPLS frames containing 16...

CVSS 6.9, AI score 5.8, EPSS 0.00356
Exploits: 1, References: 18

NVD
added last week, 9 views

CVE-2026-9675

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...

CVSS 7.5, EPSS 0.00426
Exploits: 0, References: 2

CVE
added last week, 31 views

CVE-2026-9675

The CVE-2026-9675 issue affects the undici WebSocket client (new WebSocket(...)) where per-frame maxPayloadSize is enforced but the cumulative size of fragmented, uncompressed messages is not. An attacker-controlled WebSocket endpoint can stream many small fragments that pass per-frame validation ...

CVSS 7.5, AI score 5.3, EPSS 0.00426
Exploits: 0, References: 2

OSV
added 2026/06/17 2:02 p.m., 4 views

GHSA-8JR5-V98P-W75M vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...

CVSS 4.8, AI score 5.3, EPSS 0.00239
Exploits: 0, References: 7

GitHub Security Blog
added 2026/06/17 2:02 p.m., 10 views

vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Summary Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias. Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendere...

CVSS 4.8, AI score 5.2, EPSS 0.00239
Exploits: 0, References: 7, Affected Software: 1

Positive Technologies
added 2026/06/17 12:00 a.m., 12 views

PT-2026-50456

Name of the Vulnerable Software and Affected Versions: undici versions 6.17.0 through 6.25.x; undici versions 7.0.0 through 7.27.x; undici versions 8.0.0 through 8.4.x. Description: The WebSocket client fails to limit the number of fragments in a message, only enforcing the maxPayloadSize on the...

CVSS 7.5, AI score 5.3, EPSS 0.00426
Exploits: 0, References: 9

RedhatCVE
added 2026/06/16 3:54 a.m., 8 views

CVE-2026-5497

A flaw was found in vLLM. An attacker can exploit this vulnerability by sending a specially crafted API request containing an excessive number of base64-encoded JPEG frames within a data URL. This unbounded processing of frames in the VideoMediaIO.loadbase64 method leads to an Out-of-Memory OOM...

CVSS 7.5, AI score 6.7, EPSS 0.00423
Exploits: 1, References: 5

EUVD
added 2026/06/15 9:55 p.m., 6 views

EUVD-2026-37014

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

CVSS 8.7, AI score 5.4, EPSS 0.00348
Exploits: 0, References: 4

Snyk
added 2026/06/15 8:11 p.m., 6 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the websocket checks. An attacker can exhaust system memory by sending large incomplete frame payloads, potentially leading to service disruption. Remediation: Upgrade aiohttp to...

CVSS 8.7, AI score 5.3, EPSS 0.00279
Exploits: 0, References: 2

Snyk
added 2026/06/15 4:34 p.m., 4 views

Asymmetric Resource Consumption (Amplification)

Overview: org.webjars.npm:ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) when handling a large number of very small fragments and data chunks. An attacker can cause excessive...

CVSS 8.7, AI score 5.4, EPSS 0.00524
Exploits: 1, References: 3

Snyk
added 2026/06/15 4:34 p.m., 6 views

Asymmetric Resource Consumption (Amplification)

Overview: ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) when handling a large number of very small fragments and data chunks. An attacker can cause excessive memory allocatio...

CVSS 8.7, AI score 5.4, EPSS 0.00524
Exploits: 1, References: 3

Ubuntu
added 2026/06/15 4:19 p.m., 11 views

USN-8430-1: ADSys vulnerabilities

It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-27141) It was discovered that ADSys did not properly handle certain HTTP/2 SETTINGS frames. ...

CVSS 7.5, AI score 7.9, EPSS 0.00565
Exploits: 0

Positive Technologies
added 2026/06/15 12:00 a.m., 8 views

PT-2026-49588

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.14.1. Description: An issue exists in the asynchronous HTTP client/server framework where an attacker can send large incomplete websocket frame payloads. This allows the attacker to bypass standard memory use size...

CVSS 8.7, AI score 5.9, EPSS 0.00279
Exploits: 0, References: 5

RedhatCVE
added 2026/06/13 2:34 a.m., 11 views

CVE-2026-48043

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error (OOME), potentially causing a Denial of Service (DoS) by taking down th...

CVSS 7.5, AI score 5, EPSS 0.00426
Exploits: 0, References: 6