6 matches found

RedhatCVE
added 2026/04/23 10:36 a.m. · 4 views

CVE-2026-40879

A flaw was found in Nest, a framework for building scalable Node.js server-side applications. A remote attacker can exploit this vulnerability by sending numerous small, valid JSON (JavaScript Object Notation) messages within a single TCP (Transmission Control Protocol) frame. This action causes the...

7.5 CVSS · 5.8 AI score · 0.00329 EPSS
Exploits 0 · References 2
Cvelist
added 2026/04/21 7:14 p.m. · 30 views

CVE-2026-40879 Nest: DoS via Recursive handleData in JsonSocket (TCP Transport)

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack overflows instead. ...

7.5 CVSS · 0.00329 EPSS
Exploits 0 · References 1
Snyk
added 2026/04/14 12:15 a.m. · 4 views

Uncontrolled Recursion

Overview: @nestjs/microservices is a Nest - modern, fast, powerful node.js web framework @microservices. Affected versions of this package are vulnerable to Uncontrolled Recursion through the handleData function in packages/microservices/helpers/json-socket.ts. An attacker can crash the TCP...

8.7 CVSS · 5.7 AI score · 0.00329 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2024/10/04 12:0 a.m. · 4 views

A vulnerability in the HandleData() function of the crypto/tls package for the Go programming language allows an attacker to trigger a service failure.

The vulnerability of the HandleData function in the crypto/tls package for the Go programming language is related to an incorrect limitation on data size before buffering. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8 CVSS · 6.6 AI score · 0.01137 EPSS
Exploits 0 · References 6 · Affected Software 2
Positive Technologies
added 2023/08/21 12:0 a.m. · 9 views

PT-2023-9455 · Go +7

Name of the Vulnerable Software and Affected Versions: Go (affected versions not specified). Description: The issue is related to the processing of incomplete post-handshake messages for QUIC connections, which can cause a panic. Additionally, there is a vulnerability in the HandleData function of t...

9.8 CVSS · 7.5 AI score · 0.99999 EPSS
Exploits 28 · References 314
OSV
added 2020/07/14 10:13 p.m. · 17 views

OSV-2020-856 Use-of-uninitialized-value in deflate_slow

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18745 · Crash type: Use-of-uninitialized-value · Crash state: deflate_slow deflate PlFlate::handleData...

7.2 AI score
Exploits 0 · References 1