Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/07/03 6:13 a.m.35 views

CVE-2026-11586 WS Auto-PONG memory exhaustion

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

0.0086EPSS
Exploits1References3
Snyk
Snyk
added 2025/02/17 10:0 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the sshpacketreadpollseqnr function in packet.c. Ping packets SSH2MSGPING received without authentication buffer but neither send nor free PONG responses, which can consume unlimit...

8.7CVSS7.3AI score0.38474EPSS
Exploits4References2
Hacker One
Hacker One
added 2015/01/28 12:0 a.m.80 views

Internet Bug Bounty: mod_lua: Crash in websockets PING handling

A stack recursion crash in the modlua module was found. A Lua script executing the r:wsupgrade function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...

5CVSS8.7AI score0.18812EPSS
Exploits0
Apache Httpd
Apache Httpd
added 2015/01/28 12:0 a.m.51 views

Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling

A stack recursion crash in the modlua module was found. A Lua script executing the r:wsupgrade function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...

5CVSS8.7AI score0.18812EPSS
Exploits0Affected Software1
Rows per page
Query Builder