JLSEC-2026-416 When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of...
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
PT-2026-21806
Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.6 Wasmtime versions prior to 36.0.6 Wasmtime version 4.0.04 Wasmtime versions prior to 41.0.4 Wasmtime versions prior to 42.0.0 Description Wasmtime's implementation of the wasi:http/types.fields resource is...
Siemens SIMATIC S7-1500 Missing Release of Resource after Effective Lifetime (CVE-2024-2398)
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
EUVD-2025-36733
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
CVE-2025-58186
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
AZL-78911 CVE-2025-58186 affecting package golang 1.25.7-1
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
AZL-69254 CVE-2025-58186 affecting package golang 1.26.0-1
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
UBUNTU-CVE-2025-58186
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
CVE-2025-58186
IBM security advisories address CVE-2025-58186 in IBM Cloud Pak for Business Automation. The issue is a memory exhaustion risk caused by parsing an unbounded number of cookies after HTTP headers are limited to 1 MB. Affected products include IBM Cloud Pak for Business Automation components (e.g.,...
GO-2025-4012 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
Security update for python-Authlib
This update for python-Authlib fixes the following issues: CVE-2025-61920: limited the size of the header to prevent DoS bsc#1251921. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run th...
SUSE CVE-2025-58186
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
EUVD-2024-27350
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-26636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llc: make llc_ui_sendmsg more robust against bonding changes syzbot was able to trick llc_ui_sendmsg, allocating an skb with no headroom, but subsequently trying to...
Security update for jakarta-commons-fileupload
This update for jakarta-commons-fileupload fixes the following issues: Upgrade to upstream version 1.6.0 CVE-2025-48976: Fixed allocation of resources for multipart headers with insufficient limits can lead to a DoS bsc#1244657. Full changelog:...
Medium: runc
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Astra Linux – Vulnerability in curl
When an application instructs libcurl to enable HTTP/2 server push, and the number of received headers for the push exceeds the maximum allowed limit of 1000, libcurl aborts the server push. During this process, libcurl inadvertently does not free all of the previously allocated headers; instead, it...
Medium: amazon-ssm-agent
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...