Lucene search
K

47 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-57220

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS0.00429EPSS
Exploits1References6
OSV
OSV
added 4 days ago1 views

CVE-2026-57220 RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS6.1AI score0.00429EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/06/01 7:57 a.m.10 views

CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

5.8AI score0.0058EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.14 views

CVE-2026-42437

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/23 5:35 a.m.5 views

Denial Of Service (DoS)

OpenClaw is vulnerable to a Denial Of Service DoS. The vulnerability is due to improper validation of oversized frames in the voice-call realtime WebSocket path, which allows a remote attacker to send oversized WebSocket frames and cause service unavailability...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/15 6:4 p.m.9 views

CVE-2026-42788

A flaw was found in bandit. An unauthenticated remote attacker can exploit a vulnerability in the HTTP/2 frame deserialization process by sending oversized HTTP/2 frames. This allows the attacker to force the server to buffer excessive amounts of memory, leading to memory exhaustion and a denial ...

7.5CVSS5.9AI score0.0051EPSS
Exploits0References7
RustSec
RustSec
added 2026/05/15 12:0 p.m.15 views

Unbounded 32-bit allocation

Both the SSH agent server and client accepted peer-controlled frame lengths without enforcing a maximum frame size. This could cause large memory allocations while parsing a maliciously crafted agent frame. A malicious peer could advertise an oversized frame length, causing the client or server t...

7.5CVSS5.9AI score0.00263EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/15 12:0 p.m.9 views

RUSTSEC-2026-0154 Unbounded 32-bit allocation

Both the SSH agent server and client accepted peer-controlled frame lengths without enforcing a maximum frame size. This could cause large memory allocations while parsing a maliciously crafted agent frame. A malicious peer could advertise an oversized frame length, causing the client or server t...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 3:52 a.m.11 views

Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion

Summary Bandit's HTTP/2 parser checks frame size after it has already buffered the full body, instead of when it sees the 9-byte header. A peer can announce a 16 MiB frame on a connection that agreed to 16 KiB frames and the server will silently buffer up to 1024× the agreed budget per connection...

6.9CVSS5.9AI score0.0051EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/05 1:35 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call realtime WebSocket path when oversized WebSocket frames are accepted without proper validation. An attacker can cau...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 1:35 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call realtime WebSocket path when oversized WebSocket frames are accepted without proper validation. An attacker ca...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 12:16 p.m.30 views

CVE-2026-42437

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

8.2CVSS0.00417EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.58 views

CVE-2026-42437 OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

8.2CVSS0.00417EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.4 views

CVE-2026-42437 OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.5 views

CVE-2026-42437

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/05 11:24 a.m.16 views

CVE-2026-42437

Technical details are not publicly available in the provided documents. Monitor for updates.

8.2CVSS5.8AI score0.00417EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/01 8:34 p.m.43 views

CVE-2026-42788 HTTP/2 frame size limit checked after body is buffered in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matching...

6.9CVSS0.0051EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:34 p.m.3 views

CVE-2026-42788

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matching...

6.9CVSS5.9AI score0.0051EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.4 views

CVE-2026-41400 OpenClaw < 2026.3.31 - Resource Consumption via Oversized WebSocket Frames in voice-call

OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service...

6.9CVSS5.2AI score0.00532EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/28 6:9 p.m.8 views

EUVD-2026-26108

OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service...

8.7CVSS5.2AI score0.00532EPSS
Exploits0References3
Rows per page
Query Builder