Lucene search

12 matches found

ATTACKERKB
added 2026/03/10 9:36 p.m., 2 views

CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

CVSS 6.8, AI score 5.8, EPSS 0.00005
Exploits 0, References 4, Affected Software 1

Cvelist
added 2026/01/27 5:52 p.m., 20 views

CVE-2026-0918 Null Pointer Dereference in Tapo SmartCam HTTP Service on TP-Link Tapo C220 & C520WS

The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated...

CVSS 7.1, EPSS 0.00059
Exploits 0, References 7

Snyk
added 2025/12/01 6:2 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the http.client.HTTPResponse.read function when used without arguments. An attacker can exhaust system memory and potentially cause application or system instability by sending a...

CVSS 7.5, AI score 7.3, EPSS 0.00215
Exploits 0, References 2

RedhatCVE
added 2025/05/23 6:2 a.m., 2 views

CVE-2023-28097

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

CVSS 7.5, AI score 6.7, EPSS 0.00701
Exploits 0, References 1

OSV
added 2025/05/20 8:39 a.m., 2 views

SUSE-SU-2025:20330-1 Security update for python-h11, python-httpcore

This update for python-h11, python-httpcore fixes the following issues: python-h11: - Update 0.16.0: CVE-2025-43859: Fixed accepting of malformed Chunked-Encoding bodies bsc1241872 - 0.15.0: Reject Content-Lengths = 1 zettabyte 1 billion terabytes early, without attempting to parse the integer 18...

CVSS 9.1, AI score 7.1, EPSS 0.00202
Exploits 0, References 3

SUSE Linux
added 2025/05/20 8:39 a.m., 1 view

Security update for python-h11, python-httpcore

This update for python-h11, python-httpcore fixes the following issues: python-h11: - Update 0.16.0: CVE-2025-43859: Fixed accepting of malformed Chunked-Encoding bodies bsc1241872 - 0.15.0: Reject Content-Lengths = 1 zettabyte 1 billion terabytes early, without attempting to parse the integer...

CVSS 9.3, AI score 7.3, EPSS 0.00202
Exploits 0, References 4

Snyk
added 2025/05/20 12:0 a.m., 1 view

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the archivereadsupportformatwarc.c process. An attacker can cause memory corruption or unpredictable program behavior by supplying a specially crafted WARC file with an excessively large content length...

CVSS 5.6, AI score 7.1, EPSS 0.00102
Exploits 0, References 2

OSV
added 2022/08/17 9:15 p.m., 1 view

CVE-2022-1069

A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...

CVSS 7.5, AI score 5.8, EPSS 0.00994
Exploits 0, References 2

CNNVD
added 2022/08/16 12:0 a.m., 2 views

Softing Secure Integration Server Buffer Error Vulnerability

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A buffer error vulnerability exists in Softing Secure Integrati...

CVSS 7.5, AI score 7.5, EPSS 0.00994
Exploits 0, References 5

Positive Technologies
added 2009/08/12 12:0 a.m., 2 views

PT-2009-5109 · Digium · Asterisk Open Source +2

Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 1.2.x through 1.2.33 Asterisk Open Source versions 1.4.x through 1.4.26 Asterisk Open Source versions 1.6.0.x through 1.6.0.11 Asterisk Open Source versions 1.6.1.x through 1.6.1.3 Asterisk Business Edition A.x.x...

CVSS 7.8, AI score 6.3, EPSS 0.3069
Exploits 1, References 11

Cvelist
added 2005/08/16 4:0 a.m., 16 views

CVE-2004-2381

HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length...

AI score 6.4, EPSS 0.01271
Exploits 0, References 6

Cvelist
added 2005/02/19 5:0 a.m., 17 views

CVE-2004-1501

The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data...

AI score 6.6, EPSS 0.00634
Exploits 0, References 2