Lucene search
K

32 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-44004

A flaw was found in vm2 before 3.11.0. Sandboxed code can call Buffer.alloc with arbitrary size to allocate on the host heap synchronously; vm2 timeout cannot interrupt the native C++ call, allowing a single request to exhaust host memory and crash the process. Fixed in 3.11.0...

8.6CVSS6AI score0.00424EPSS
Exploits1References4
NVD
NVD
added 2026/05/13 6:16 p.m.18 views

CVE-2026-44004

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

8.6CVSS0.00424EPSS
Exploits1References4
OSV
OSV
added 2026/05/13 5:31 p.m.3 views

CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

7.5CVSS7.2AI score0.00424EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/13 5:31 p.m.61 views

CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

7.5CVSS0.00424EPSS
Exploits1References1
OSV
OSV
added 2026/05/07 4:26 a.m.53 views

GHSA-6785-PVV7-MVG7 vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

Summary Sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR:...

7.5CVSS6.1AI score0.00424EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.5 views

Astra Linux – Vulnerability in containerd-app

Containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation, where a user may exhaust memory on the host due to goroutine leaks. This issue has...

6.9CVSS5.3AI score0.00162EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/26 12:55 a.m.6 views

CVE-2026-27887 Spin has memory leaks in various WIT interfaces

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size e.g. tables with many rows or large content bodies, Spin may in so...

6.9CVSS5.6AI score0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/07 4:15 a.m.3 views

CVE-2025-64329 containerd CRI server: Host memory exhaustion through Attach goroutine leak

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS6.3AI score0.00162EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.5 views

containerd 安全漏洞

containerd is an industry-standard container runtime open-sourced by containerd. A security vulnerability exists in containerd versions 1.7.28 and earlier, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1, which stems from a goroutine in the CRI Attach...

6.9CVSS5.3AI score0.00162EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/06 11:32 p.m.14 views

containerd CRI server: Host memory exhaustion through Attach goroutine leak

Impact A bug was found in containerd's CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. Repetitive calls of CRI Attach e.g., kubectl attach could increase the memory usage of containerd. Patches This bug has been fixed in the following containerd...

6.9CVSS6.7AI score0.00162EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2024/08/21 4:3 p.m.24 views

GO-2022-1147 containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd

containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd...

6.5CVSS6.4AI score0.01022EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/07/23 1:19 p.m.5 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:11 a.m.3 views

SUSE CVE-2015-8568

Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service host memory consumption by trying to activate the vmxnet3 device repeatedly...

6.5CVSS6.4AI score0.00459EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.4 views

SUSE CVE-2016-9911

Quick Emulator Qemu built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehciinittransfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host...

6.5CVSS9.2AI score0.00367EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:49 a.m.5 views

SUSE CVE-2017-5552

Memory leak in the virglresourceattachbacking function in hw/display/virtio-gpu-3d.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service host memory consumption via a large number of VIRTIOGPUCMDRESOURCEATTACHBACKING commands...

6.5CVSS6.4AI score0.00398EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:49 a.m.5 views

SUSE CVE-2017-5857

Memory leak in the virglcmdresourceunref function in hw/display/virtio-gpu-3d.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service host memory consumption via a large number of VIRTIOGPUCMDRESOURCEUNREF commands sent without detaching the backing storage beforehan...

6.5CVSS6.6AI score0.00393EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:49 a.m.3 views

SUSE CVE-2017-5993

Memory leak in the vrendrendererinitblitctx function in vrendblitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service host memory consumption via a large number of VIRGLCCMDBLIT commands...

6.5CVSS6.5AI score0.00389EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.5 views

SUSE CVE-2017-14431

Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service ARM or x86 AMD host OS memory consumption by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207...

5.5CVSS8.7AI score0.00338EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.7 views

SUSE CVE-2018-5244

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service host OS memory consumption by rebooting many...

4CVSS6.6AI score0.00371EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2022/12/13 8:0 a.m.5 views

containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak

...

6.5CVSS6.8AI score0.01022EPSS
Exploits0
Rows per page
Query Builder