Lucene search
K

46 matches found

NVD
NVD
added 2026/07/06 11:16 a.m.10 views

CVE-2026-56810

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS0.00344EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/06 9:17 a.m.31 views

CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS0.00344EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/06 9:17 a.m.5 views

CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:36 p.m.5 views

CVE-2026-39806

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

8.7CVSS5.8AI score0.00637EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/05/13 1:36 p.m.28 views

CVE-2026-39803

CVE-2026-39803 – Bandit (Elixir) memory exhaustion via chunked HTTP/1 bodies. The issue occurs in the chunked path of Elixir.Bandit.HTTP1.Socket.read_data/2 where the caller-supplied length is ignored; every received chunk is buffered into an iolist and the entire body is materialized as a single...

8.7CVSS5.8AI score0.00642EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/01/27 7:16 p.m.8 views

UBUNTU-CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS5.8AI score0.00401EPSS
Exploits0References5
CVE
CVE
added 2026/01/27 6:27 p.m.34 views

CVE-2026-22263

Suricata (network IDS/IPS/NSM) is affected by CVE-2026-22263 due to inefficiency in HTTP/1 header parsing that can cause slowdown over multiple packets. Affected versions are 8.0.0 up to, but not including, 8.0.3; the issue is fixed in 8.0.3. No workarounds are stated in the provided documents. T...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:27 p.m.8 views

CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/27 6:27 p.m.20 views

CVE-2026-22263 Suricata http1: quadratic complexity in headers parsing over multiple packets

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS0.00401EPSS
Exploits0References3
OSV
OSV
added 2026/01/27 6:27 p.m.7 views

CVE-2026-22263 Suricata http1: quadratic complexity in headers parsing over multiple packets

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/01/27 6:27 p.m.6 views

CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References3
CVE
CVE
added 2026/01/27 5:30 p.m.61 views

CVE-2026-22260

CVE-2026-22260 affects Suricata

7.5CVSS5.9AI score0.00494EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/27 5:30 p.m.36 views

CVE-2026-22260 Suricata http1: infinite recursion in decompression

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5CVSS0.00494EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.11 views

Suricata security vulnerabilities

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 8.0.0 and 8.0.3 contained security vulnerabilities. These vulnerabilities were due to inefficient parsing of http1 headers, which could lead to performance degradati...

5.3CVSS5.8AI score0.00401EPSS
Exploits0References3
NVD
NVD
added 2025/05/13 10:15 p.m.35 views

CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

5.4CVSS0.00328EPSS
Exploits0References3
Amazon
Amazon
added 2025/02/25 12:0 a.m.8 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called...

7.5CVSS6.8AI score0.007EPSS
Exploits1
OSV
OSV
added 2024/12/18 7:12 p.m.6 views

CVE-2024-53270 HTTP/1: sending overload crashes when the request is reset beforehand in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called. However, the...

7.5CVSS7.2AI score0.007EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.6 views

PT-2024-9687 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.29.12 Envoy versions prior to 1.30.9 Envoy versions prior to 1.31.5 Envoy versions prior to 1.32.3 Description: The issue is related to the envoy.load shed points.http1 server abort dispatch configuration in Envoy, a...

7.8CVSS6.5AI score0.007EPSS
Exploits1References10
Photon
Photon
added 2024/11/19 12:0 a.m.13 views

Moderate Photon OS Security Update - PHSA-2024-5.0-0405

Updates of 'linux', 'linux-esx', 'rubygem-protocol-http1' packages of Photon OS have been released...

5.8CVSS6.6AI score0.00637EPSS
Exploits0
Photon
Photon
added 2024/11/19 12:0 a.m.14 views

Moderate Photon OS Security Update - PHSA-2024-4.0-0713

Updates of 'rubygem-protocol-http1' packages of Photon OS have been released...

5.8CVSS8.2AI score0.00637EPSS
Exploits0
Rows per page
Query Builder