Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the websocket checks. An attacker can exhaust system memory by sending large incomplete frame payloads, potentially leading to service disruption. Remediation Upgrade aiohttp to...

PT-2026-49588

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the asynchronous HTTP client/server framework where an attacker can send large incomplete websocket frame payloads. This allows the attacker to bypass standard memory use size...

CVE-2026-5071 can: Local Denial of Service via SocketCAN Send

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...

CVE-2017-13196

In several places in ihevcddecode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation...

Design/Logic Flaw

In several places in ihevcddecode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation...