Memory Allocation with Excessive Size Value

Overview PyPDF2 is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the FlateDecode method when handling streams with a /Predictor value not equal to...

GHSA-CPF9-PH2J-CCR9 zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...

zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...

EUVD-2026-23300

MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport...

GHSA-353C-V8X9-V7C3 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

Summary The readRequestBody function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. Details File:...

SpdyStream: DOS on CRI

The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...

CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

CVE-2026-4151

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI Animated Cursor file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of...

Python 安全漏洞

Python is an open-source, object-oriented programming language developed by the Python Foundation. This language features extensibility, support for modules and packages, and compatibility with multiple platforms. Python has security vulnerabilities; one of these vulnerabilities arises from reusi...

PT-2026-32423

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

EUVD-2018-21770

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based...

Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4qwc-c7g9-4xcw. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling...

GHSA-HM63-VWJ4-MJ2Q Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4qwc-c7g9-4xcw. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling...

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007099)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007099 advisory. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large...

SUSE CVE-2026-35480

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

CVE-2026-35633

OpenClaw prior to version 2026.3.22 is affected by an unbounded memory allocation vulnerability in the remote media HTTP error handling path. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate memory without bounds befo...

CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

CVE-2026-5440

CVE-2026-5440 describes a memory exhaustion vulnerability in an HTTP server caused by unbounded handling of the Content-Length header. The server allocates memory directly based on the attacker-supplied Content-Length value, without an upper limit, so a crafted request with a very large Content-L...

PT-2026-31768

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw is susceptible to an unbounded memory allocation issue in its remote media HTTP error handling. Attackers can exploit this by sending specially crafted HTTP error responses with large...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from unlimited memory allocation issues in remote media HTTP error handling, which could lead to excessive...