11964 matches found

SUSE CVE
added 2026/04/09 11:25 p.m., 1 view

SUSE CVE-2026-35480

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

CVSS 6.2, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 3

CVE
added 2026/04/09 9:27 p.m., 7 views

CVE-2026-35633

OpenClaw prior to version 2026.3.22 is affected by an unbounded memory allocation vulnerability in the remote media HTTP error handling path. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate memory without bounds befo...

CVSS 6.9, AI score 6, EPSS 0.00157
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2026/04/09 2:43 p.m., 10 views

CVE-2026-5440

The CVE describes a memory exhaustion vulnerability in the HTTP server caused by unbounded use of the Content-Length header. The server allocates memory directly from the attacker-supplied header value without an upper limit, so a crafted request with an extremely large Content-Length can cause e...

CVSS 7.5, AI score 5.9, EPSS 0.01887
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/04/09 2:43 p.m., 14 views

CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

EPSS 0.01887
Exploits: 0, References: 3

Positive Technologies
added 2026/04/09 12:00 a.m., 2 views

PT-2026-31768

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.22. Description: OpenClaw is susceptible to an unbounded memory allocation issue in its remote media HTTP error handling. Attackers can exploit this by sending specially crafted HTTP error responses with large...

CVSS 6.9, AI score 5.8, EPSS 0.00157
Exploits: 0, References: 8

CNNVD
added 2026/04/09 12:00 a.m., 3 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from unlimited memory allocation issues in remote media HTTP error handling, which could lead to excessive...

CVSS 6.9, AI score 5.8, EPSS 0.00157
Exploits: 0, References: 4

Snyk
added 2026/04/08 10:12 p.m., 3 views

Memory Allocation with Excessive Size Value

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...

CVSS 8.2, AI score 5.8, EPSS 0.00007
Exploits: 0, References: 2

RedhatCVE
added 2026/04/08 9:01 p.m., 3 views

CVE-2026-32288

A flaw was found in Go's archive/tar package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the tar.Reader processes an archive containing a large number of sparse regions in the "old GNU sparse map" format, it can lead to unbounded memor...

CVSS 5.5, AI score 5.8, EPSS 0.00004
Exploits: 0, References: 7

OSV
added 2026/04/08 12:31 p.m., 3 views

CLSA-2026-1775651477 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial-of-service from multi-layer nested MVG-to-SVG conversions - debian/patches/CVE-2026-24484.patch: Add recursion-depth check and throw VectorGraphicsNestedTooDeeply on reaching maximum; prevent crash from unbounded nesting of graphic-context elements. -...

CVSS 5.3, AI score 7.2, EPSS 0.00019
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/04/08 10:47 a.m., 8 views

Security Bulletin: Fulcio OIDC Token Parsing DoS Vulnerability in extractIssuerURL affects watsonx.data

Summary: Fulcio prior to 1.8.3 is vulnerable to a Denial-of-Service (DoS) issue where malicious OIDC tokens containing excessive period characters can trigger high memory allocation during parsing. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2025-66506. DESCRIPTION: Fulcio is a...

CVSS 7.5, AI score 5.9, EPSS 0.00043
Exploits: 0, Affected Software: 1

NVD
added 2026/04/08 2:16 a.m., 2 views

CVE-2026-32288

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

CVSS 5.5, EPSS 0.00004
Exploits: 0, References: 4

OSV
added 2026/04/08 2:16 a.m., 2 views

DEBIAN-CVE-2026-32288

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

CVSS 5.5, AI score 5.2, EPSS 0.00004
Exploits: 0, References: 1

OSV
added 2026/04/08 2:16 a.m., 1 view

UBUNTU-CVE-2026-32288

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

CVSS 5.5, AI score 5.8, EPSS 0.00004
Exploits: 0, References: 6

Cvelist
added 2026/04/08 1:06 a.m., 17 views

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

EPSS 0.00004
Exploits: 0, References: 4

Vulnrichment
added 2026/04/08 1:06 a.m., 2 views

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

AI score 5.8, EPSS 0.00004
Exploits: 0, References: 4

AlpineLinux
added 2026/04/08 1:06 a.m., 2 views

CVE-2026-32288

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

CVSS 5.5, AI score 5.8, EPSS 0.00004
Exploits: 0

Redos
added 2026/04/08 12:00 a.m., 3 views

ROS-20260408-73-0023

A vulnerability in the destroyargs function of the mm/debugvmpgtable.c component of the Linux kernel is related to the allocation of unlimited memory. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 7.8, AI score 7, EPSS 0.00026
Exploits: 0

CNNVD
added 2026/04/08 12:00 a.m., 4 views

Google Go Security Vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which can lead to the allocation of unlimited memory when reading malicious archives containing a lar...

CVSS 5.5, AI score 5.8, EPSS 0.00004
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/08 12:00 a.m., 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006603)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006603 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput inputdev name Reference the HID devic...

CVSS 7.8, AI score 5.8, EPSS 0.00022
Exploits: 0, References: 4

OSV
added 2026/04/07 10:53 p.m., 4 views

GO-2026-4869 Unbounded allocation for old GNU sparse in archive/tar

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

CVSS 5.5, AI score 5.8, EPSS 0.00004
Exploits: 0, References: 3