GHSA-268H-HP4C-CRQ3 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

Summary Nodemailer constructs List- headers from the caller-provided list message option using internally prepared header values. The list..comment field is inserted into those prepared values without removing CR \r or LF \n characters. Because prepared headers bypass the normal header-value...

Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

Summary Nodemailer constructs List- headers from the caller-provided list message option using internally prepared header values. The list..comment field is inserted into those prepared values without removing CR \r or LF \n characters. Because prepared headers bypass the normal header-value...

AZL-79598 CVE-2025-69644 affecting package binutils 2.37-20

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...

USN-7490-1 libsoup2.4 vulnerabilities

Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. CVE-2025-32906 Alon Zahavi discovered that libsoup incorrectly parse...

CVE-2017-3824

Cisco CVE-2017-3824 affects Cisco cBR Series Converged Broadband Routers (notably cBR-8) running Cisco IOS XE. The vulnerability is caused by memory corruption in the handling of list headers, allowing an unauthenticated, remote attacker to cause the device to reload and crash (DoS) by sending cr...