2 matches found
CVE-2026-48069 @grpc/grps-js: An incoming malformed compressed message can cause a client or server crash
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in...
zlib: Double free in inflateEnd
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once a "double free", which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data...