Lucene search
+L

20 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-42304

A flaw was found in Twisted, specifically within the twisted.names module. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted TCP DNS packet containing deeply chained compression pointers. This can lead to resource exhaustion, causing the...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References4
OSV
OSV
added 2026/06/03 1:59 p.m.9 views

USN-8380-1 twisted vulnerability

It was discovered that Twisted incorrectly handled DNS name decompression. A remote attacker could possibly use this issue to cause Twisted to consume excessive resources, leading to a denial of service...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.18 views

PT-2026-46110

It was discovered that Twisted incorrectly handled DNS name decompression. A remote attacker could possibly use this issue to cause Twisted to consume excessive resources, leading to a denial of service...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/06/02 6:2 a.m.11 views

Security update for python-Twisted

This update for python-Twisted fixes the following issue CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265. Patch Instructions: To install this SUSE update use the SUSE...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References4
OSV
OSV
added 2026/06/02 6:2 a.m.8 views

SUSE-SU-2026:2219-1 Security update for python-Twisted

This update for python-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References3
OSV
OSV
added 2026/06/02 6:0 a.m.8 views

SUSE-SU-2026:2218-1 Security update for python3-Twisted

This update for python3-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References3
OSV
OSV
added 2026/06/01 8:22 a.m.5 views

OPENSUSE-SU-2026:20862-1 Security update for python-Twisted

This update for python-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.14 views

Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2026-1734)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1734 advisory. The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.2 views

Astra Linux – Vulnerability in Ruby 3.1

The attack vector is a potential Denial of Service DoS attack. The vulnerability arises from an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can create a malicious DNS packet containing a highly compressed domain name. When the resolv library...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:27 p.m.8 views

Security Bulletin: Astronomer with IBM is vulnerable to denial of service due to the resolv package (CVE-2025-24294)

Summary Resolv is used by Astronomer with IBM as part of the DNS functionality. Vulnerability Details CVEID:CVE-2025-24294 DESCRIPTION: The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a...

7.5CVSS6.2AI score0.00539EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-24294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within ...

7.5CVSS6.5AI score0.00539EPSS
Exploits0References3
Amazon
Amazon
added 2025/08/08 12:0 a.m.5 views

Medium: ruby3.2

Issue Overview: The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv...

7.5CVSS6.8AI score0.00539EPSS
Exploits0
Amazon
Amazon
added 2025/08/04 12:0 a.m.6 views

Medium: ruby

Issue Overview: The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv...

7.5CVSS6.9AI score0.00539EPSS
Exploits0
OSV
OSV
added 2025/07/12 4:15 a.m.7 views

AZL-65202 CVE-2025-24294 affecting package ruby for versions less than 3.1.7-3

The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References1
OSV
OSV
added 2025/07/12 4:15 a.m.7 views

AZL-65241 CVE-2025-24294 affecting package ruby for versions less than 3.3.5-5

The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...

7.5CVSS6.8AI score0.00539EPSS
Exploits0References1
OSV
OSV
added 2025/07/12 4:15 a.m.5 views

DEBIAN-CVE-2025-24294

The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...

7.5CVSS6.4AI score0.00539EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/07/12 3:30 a.m.7 views

CVE-2025-24294

The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...

7.5CVSS6.4AI score0.00539EPSS
Exploits0
RubySec
RubySec
added 2025/07/08 12:0 a.m.9 views

Possible Denial of Service in resolv gem

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name...

7.5CVSS6.3AI score0.00539EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.5 views

SUSE CVE-2020-24339

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in picodnsdecompressname in picodnscommon.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing...

7.5CVSS7.5AI score0.02761EPSS
Exploits0References3
OSV
OSV
added 2021/04/22 9:15 p.m.5 views

CVE-2020-27009

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...

8.1CVSS7.3AI score0.07194EPSS
Exploits0References2
Rows per page
Query Builder