4 matches found
CVE-2026-11586 WS Auto-PONG memory exhaustion
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the sshpacketreadpollseqnr function in packet.c. Ping packets SSH2MSGPING received without authentication buffer but neither send nor free PONG responses, which can consume unlimit...
Internet Bug Bounty: mod_lua: Crash in websockets PING handling
A stack recursion crash in the modlua module was found. A Lua script executing the r:wsupgrade function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...
Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling
A stack recursion crash in the modlua module was found. A Lua script executing the r:wsupgrade function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...