Lucene search
+L

89 matches found

Cvelist
Cvelist
added 2 days ago26 views

CVE-2026-54464 websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS0.00445EPSS
Exploits0References2
CVE
CVE
added 2 days ago14 views

CVE-2026-54464

The CVE-2026-54464 issue affects the websocket-driver Ruby library. When used with the permessage-deflate extension, WebSocket servers/clients can accept messages larger than the configured maximum because length checks use the compressed data size (frame length headers) instead of the decompress...

6.3CVSS5.3AI score0.00445EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 4 days ago9 views

websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score0.00445EPSS
Exploits0References3Affected Software1
OSV
OSV
added 4 days ago5 views

GHSA-33PH-FCCM-39PJ websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score0.00445EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 4 days ago10 views

websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score0.00445EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-60382

Name of the Vulnerable Software and Affected Versions websocket-driver versions prior to 0.7.5 Description When used with the permessage-deflate extension, a WebSocket server or client may accept messages exceeding the configured maximum message size. This occurs because the size limit is validat...

6.3CVSS5.3AI score0.00445EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-15709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in...

7.5CVSS6.1AI score0.00548EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-60379

Name of the Vulnerable Software and Affected Versions affected versions not specified Description When used with the permessage-deflate extension, a WebSocket server or client may accept messages exceeding the configured maximum size. This occurs because the size limit is validated against the...

6.3CVSS5.3AI score0.00445EPSS
Exploits0References8
NVD
NVD
added 5 days ago5 views

CVE-2026-15709

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...

7.5CVSS0.00548EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-15709 Soupwebsocketextensiondeflate: libsoup: libsoup: websocket permessage-deflate unbounded decompression remote denial of service

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...

7.5CVSS0.00548EPSS
Exploits0References3
CVE
CVE
added 5 days ago9 views

CVE-2026-15709

The CVE concerns libsoup's WebSocket permessage-deflate implementation. The decompression loop (inflate()) can allocate memory without an upper bound, as output size is not bounded during decompression even though max_incoming_payload_size limits input frames. A separate check for decompressed si...

7.5CVSS6.1AI score0.00548EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago9 views

CVE-2026-15709

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...

7.5CVSS6.1AI score0.00548EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/08 8:21 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the permessage-deflate extension. An attacker can cause the application to process messages that exceed the intended resource limits by sending compressed messages that, when...

6.3CVSS6.1AI score0.00445EPSS
Exploits0References2
RubySec
RubySec
added 2026/06/04 12:0 a.m.4 views

Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS5.9AI score0.00445EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/13 2:21 p.m.13 views

CVE-2026-39804

A flaw was found in bandit. An unauthenticated attacker who can open a WebSocket connection can exploit a vulnerability when WebSocket permessage-deflate compression is enabled. This flaw allows for memory exhaustion by sending a highly compressed frame that, when decompressed, forces large memor...

8.2CVSS5.7AI score0.00625EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/07 3:36 a.m.5 views

EUVD-2026-26711

Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame...

8.2CVSS5.8AI score0.00625EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/07 3:36 a.m.15 views

Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame

Summary When a Bandit-fronted server has explicitly enabled WebSocket permessage-deflate compress: true, an unauthenticated client can OOM the BEAM with a single 6 MiB WebSocket frame. Bandit's inflate step has no output-size cap, so a small high-ratio compressed frame e.g. zeros, 1024:1 ratio...

8.2CVSS5.9AI score0.00625EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/07 3:36 a.m.6 views

GHSA-FRH3-6PV6-RC8J Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame

Summary When a Bandit-fronted server has explicitly enabled WebSocket permessage-deflate compress: true, an unauthenticated client can OOM the BEAM with a single 6 MiB WebSocket frame. Bandit's inflate step has no output-size cap, so a small high-ratio compressed frame e.g. zeros, 1024:1 ratio...

8.2CVSS5.9AI score0.00625EPSS
Exploits0References6
NVD
NVD
added 2026/05/01 9:16 p.m.10 views

CVE-2026-39804

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

8.2CVSS0.00625EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/01 8:34 p.m.29 views

CVE-2026-39804 WebSocket permessage-deflate inflate has no output-size cap in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

8.2CVSS0.00625EPSS
Exploits0References4
Rows per page
Query Builder