Lucene search
+L

95 matches found

github
github
added 2026/06/05 3:27 p.m.22 views

Klever-Go KVM: Hash-array amplification in P2P resolver request handling

Summary A connected peer can send a compressed RequestDataTypeHashArrayType direct request that is only 442 bytes on the wire but expands into 200000 decoded hash entries inside the resolver path. On klever-go v1.7.17, this allows remote memory and CPU amplification against nodes that accept P2P...

8.6CVSS5.5AI score0.0038EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.15 views

PT-2026-46990

Name of the Vulnerable Software and Affected Versions klever-go version 1.7.17 Description A connected peer can trigger remote memory and CPU amplification on nodes that accept P2P peer connections. This occurs when a compressed RequestDataType HashArrayType direct request is sent; a small payloa...

7.5CVSS5.9AI score0.0005EPSS
Exploits0References5
osv
osv
added 2026/05/29 7:55 p.m.11 views

GHSA-QJVR-435C-5FJH Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be...

5.3CVSS5.7AI score
Exploits0References3
github
github
added 2026/05/29 7:55 p.m.40 views

Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be...

5.7AI score
Exploits0References3Affected Software1
redhat
redhat
added 2026/05/19 6:28 p.m.23 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.4AI score0.01279EPSS
Exploits1References6
redhat
redhat
added 2026/05/19 1:35 p.m.16 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.4AI score0.01279EPSS
Exploits1References6
attackerkb
attackerkb
added 2026/05/19 5:0 a.m.12 views

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/05/11 6:6 p.m.9 views

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, so parsi...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.15 views

PT-2026-39731

Name of the Vulnerable Software and Affected Versions cowlib versions 0.6.0 through 2.16.0 Description An uncontrolled resource consumption issue in the cow http te module allows for excessive allocation. The chunked transfer-encoding parser accepts an unbounded number of hex digits in the...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References11
redhat
redhat
added 2026/04/27 3:6 p.m.9 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS7.5AI score0.01279EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/04/11 1:21 a.m.4 views

CVE-2026-34166

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limite...

5.3CVSS5.8AI score0.00495EPSS
Exploits1References1
nvd
nvd
added 2026/04/07 9:17 p.m.9 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS0.00435EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/04/07 8:29 p.m.5 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.9AI score0.00435EPSS
Exploits1References2Affected Software1
redhatcve
redhatcve
added 2026/03/27 4:59 a.m.3 views

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References1
nvd
nvd
added 2026/03/26 1:16 a.m.5 views

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS0.00471EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/03/26 12:33 a.m.3 views

CVE-2026-33287 LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/03/26 12:33 a.m.10 views

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2026/03/26 12:33 a.m.28 views

CVE-2026-33287 LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS0.00471EPSS
Exploits1References2
osv
osv
added 2026/03/26 12:33 a.m.4 views

CVE-2026-33287 LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.9AI score0.00471EPSS
Exploits1References4
cve
cve
added 2026/03/26 12:33 a.m.22 views

CVE-2026-33287

LiquidJS has a vulnerability where the replace_first filter uses String.prototype.replace(), causing $& expansions to inflate output without counting against memoryLimit. This can yield exponential memory amplification (up to ~625,000:1) and denial of service. Publicly documented details show the...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder