39 matches found
CVE-2026-32136
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libwebsockets (UTSA-2025-991026)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991026 advisory. Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user...
EUVD-2025-35045
Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via the lwshandshakeserver function when a user-provided callback handles LWSCALLBACKHTTPCONFIRMUPGRADE. An attacker can cause a crash or disrupt service by triggering the callback under specific conditions. Note: This is...
CVE-2025-11677 Use After Free in libwebsockets WebSocket server
Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...
CVE-2025-11677
CVE-2025-11677 is a Use After Free in the warmcat libwebsockets WebSocket server (lws_handshake_server). The vulnerability triggers in configurations where a user-supplied callback handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, potentially allowing a denial-of-service. Public advisories reference aff...
EUVD-2021-2266
Malware in sbrugna...
EUVD-2018-0495
Malware in sbrugna...
undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-23326 Envoy incorrectly accepts HTTP 200 response for entering upgrade mode
Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230section-6.7 a server sends 101 when switching...
undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
BIT-TOMCAT-2021-42340 DoS via memory leak with WebSocket connections
The fix for bug 63362 present in Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This...
Undertow Uncontrolled Resource Consumption Vulnerability
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635 Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635 Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.0 Security release
Red Hat JBoss Web Server 5.6.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which giv...