
13 matches found

Cvelist
added 2026/03/31 1:36 a.m. | 28 views

CVE-2026-34040 Moby: AuthZ plugin bypass with oversized request body

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1...

8.8 CVSS | 0.08123 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2026/03/26 3:3 p.m. | 5 views

CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new...

8.7 CVSS | 5.8 AI score | 0.00451 EPSS
Exploits: 1 | References: 1
NVD
added 2026/03/16 2:19 p.m. | 3 views

CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new...

8.7 CVSS | 0.00451 EPSS
Exploits: 1 | References: 1
OSV
added 2026/03/16 2:19 p.m. | 1 views

DEBIAN-CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new...

7.5 CVSS | 5.3 AI score | 0.00451 EPSS
Exploits: 1 | References: 1
Github Security Blog
added 2026/03/13 8:4 p.m. | 10 views

Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145

Summary: The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validati...

8.7 CVSS | 5.8 AI score | 0.00451 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/03/13 7:53 p.m. | 2 views

CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new...

8.7 CVSS | 5.8 AI score | 0.00451 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/13 7:53 p.m. | 31 views

CVE-2026-32314 Yamux remote Panic via malformed Data frame with SYN set and len = 262145

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new...

8.7 CVSS | 0.00451 EPSS
Exploits: 1 | References: 1
Debian CVE
added 2026/03/13 7:53 p.m. | 4 views

CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new...

8.7 CVSS | 5.3 AI score | 0.00451 EPSS
Exploits: 1
Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-25373

Summary: The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body...

8.7 CVSS | 5.8 AI score | 0.00451 EPSS
Exploits: 1 | References: 7
RedhatCVE
added 2025/12/03 10:11 a.m. | 10 views

CVE-2025-55181

A flaw was found in proxygen. This vulnerability allows a denial of service (DoS) via sending an HTTP (Hypertext Transfer Protocol) request/response body with greater than 2^31 bytes, triggering an infinite loop and unbounded memory growth...

5.3 CVSS | 6.4 AI score | 0.00256 EPSS
Exploits: 0 | References: 2
CVE
added 2025/12/02 10:13 p.m. | 13 views

CVE-2025-55181

The CVE-2025-55181 entry concerns Facebook Proxygen. A flaw in proxygen::coro::HTTPQuicCoroSession causes an infinite loop when processing HTTP request/response bodies larger than 2^31 bytes, blocking the event loop and appending to a std::vector each iteration. This leads to unbounded memory gro...

5.3 CVSS | 6.4 AI score | 0.00256 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/16 9:23 p.m. | 6 views

CVE-2025-62504 Envoy Lua filter use-after-free when oversized rewritten response body causes crash

Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured...

6.5 CVSS | 0.00383 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/16 9:23 p.m. | 2 views

CVE-2025-62504 Envoy Lua filter use-after-free when oversized rewritten response body causes crash

Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured...

6.5 CVSS | 6.4 AI score | 0.00383 EPSS
Exploits: 0 | References: 1