Astra Linux - уязвимость в dovecot

Very large headers can cause resource exhaustion when parsing messages. The message parser usually reads relatively small chunks of the message. However, when these smaller chunks are fed into the message-header parser, the “fullvalue” buffer starts to grow excessively. The “fullvalue” buffer has...

Allocation of Resources Without Limits or Throttling

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when parsing multipart headers in MultipartParser, which can hang without failing in the following states:...

Astra Linux - уязвимость в python-django

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of the Accept-Language header are cached in order to avoid repeated parsing. This can lead to a potential denial-of-service vulnerability due to excessive memory usage if the raw value of the Accept-Language...

MiracleLinux 9 : dovecot-2.3.16-11.el9_4.1 (AXSA:2024-8803:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8803:04 advisory. dovecot: using a large number of address headers may trigger a denial of service CVE-2024-23184 dovecot: very large headers can cause resource...

SUSE CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

EUVD-2002-1577

Malware in sbrugna...

EUVD-2022-4104

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-23185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when i...

Linux Distros Unpatched Vulnerability : CVE-2022-30780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service CPU consumption from stuck connections because connectionreadheadermore in...

GHSA-RXC4-3W6R-4V47 vllm API endpoints vulnerable to Denial of Service Attacks

Summary A Denial of Service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making ...

Linux Distros Unpatched Vulnerability : CVE-2018-12121

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests wi...

CLSA-2025-1753987188 dovecot: Fix of CVE-2024-23185

CVE-2024-23185: fix resource exhaustion caused by very large headers when parsing messages...

Medium: dovecot

Issue Overview: Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23185 Affected Packages: dovecot Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Cor...

dovecot: very large headers can cause resource exhaustion when parsing message

A security issue was found in Dovecot. Very large headers can lead to resource exhaustion when parsing messages. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to the message-header-parser, it starts building up a "fullvalue" buffer out of th...

ALPINE-CVE-2024-23185

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "fullvalue" buffer out of the smaller chunks. The fullvalue buffer has no si...

DEBIAN-CVE-2024-23185

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "fullvalue" buffer out of the smaller chunks. The fullvalue buffer has no si...

AZL-49027 CVE-2024-23185 affecting package dovecot 2.3.20-1

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "fullvalue" buffer out of the smaller chunks. The fullvalue buffer has no si...

CVE-2024-23185

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "fullvalue" buffer out of the smaller chunks. The fullvalue buffer has no si...

CVE-2024-23185

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "fullvalue" buffer out of the smaller chunks. The fullvalue buffer has no si...