Lucene search
K

93 matches found

RedHat Linux
RedHat Linux
added 5 days ago3 views

netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending a specially crafted Redis payload containing deeply nested arrays. This action forces the server to allocate a large number of state objects and collections, leading to memory exhaustion...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 6:26 a.m.3 views

OESA-2026-2806 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.1CVSS6.1AI score0.00165EPSS
Exploits2References4
OSV
OSV
added 2026/07/06 6:26 a.m.4 views

OESA-2026-2805 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.1CVSS6.1AI score0.00165EPSS
Exploits2References4
OSV
OSV
added 2026/07/06 6:25 a.m.5 views

OESA-2026-2804 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.1CVSS6.1AI score0.00165EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/06/25 5:22 p.m.37 views

CVE-2026-47770 jq: stack overflow in deep structural equality

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...

6.8CVSS0.00111EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:22 p.m.6 views

CVE-2026-47770

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...

6.8CVSS5.9AI score0.00111EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/25 5:22 p.m.37 views

CVE-2026-47770

The CVE-2026-47770 issue affects jq (the JSON processor) where comparing deeply nested arrays with the == operator can cause stack exhaustion via recursive structural comparison in src/jv.c (jvp_array_equal, jv_equal) and overflow in jv_cmp in src/jv_aux.c. This leads to a denial of service on at...

6.8CVSS5.9AI score0.00111EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 5:22 p.m.8 views

CVE-2026-47770

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...

6.8CVSS5.9AI score0.00111EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/23 6:48 p.m.7 views

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

7.5CVSS5.9AI score0.0243EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 6:28 p.m.8 views

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

7.5CVSS5.9AI score0.0243EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 5:32 p.m.6 views

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

7.5CVSS5.9AI score0.0243EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 5:21 p.m.15 views

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

7.5CVSS5.9AI score0.0243EPSS
Exploits0References5
OSV
OSV
added 2026/06/11 10:16 p.m.7 views

UBUNTU-CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/11 8:49 p.m.9 views

CVE-2026-44250 Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5CVSS5.2AI score0.0038EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 8:49 p.m.1 views

CVE-2026-44250 Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References9
CVE
CVE
added 2026/06/11 8:49 p.m.62 views

CVE-2026-44250

CVE-2026-44250 describes memory exhaustion DoS in Netty’s RedisArrayAggregator. Affected: io.netty:netty-codec-redis in versions prior to 4.1.135.Final and 4.2.15.Final. Root cause: processing of deeply nested Redis arrays from a crafted payload causes unbounded AggregateState/ArrayList allocatio...

7.5CVSS5.4AI score0.0038EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...

7.5CVSS5.2AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 7:1 p.m.10 views

GHSA-3244-J874-RHC2 Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Summary An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details io.netty.handler.codec.redis.RedisArrayAggregator...

7.5CVSS5.5AI score0.0038EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/08 7:1 p.m.14 views

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Summary An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details io.netty.handler.codec.redis.RedisArrayAggregator...

7.5CVSS5.5AI score0.0038EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47601

Name of the Vulnerable Software and Affected Versions netty-codec-redis versions prior to 4.1.135.Final netty-codec-redis versions prior to 4.2.15.Final Description A denial of service can occur when an attacker sends a crafted Redis payload containing deeply nested arrays. The...

7.5CVSS5.5AI score0.0038EPSS
Exploits0References56
Rows per page
Query Builder