CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a traversal bug in ext4mbusepreallocated. During allocation, when searching for pre-allocations PA in the per-inode rbtree, we cannot perform a direct traversal of the tree because ext4mbdiscardgrouppreallocation may...

5.8AI score0.00161EPSS

Exploits0References1

SUSE CVE•added 2026/06/16 2:19 a.m.•9 views

SUSE CVE-2026-50011

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

RedhatCVE•added 2026/06/15 8:35 a.m.•8 views

Exploits0References3

CVE-2026-50011

A flaw was found in Netty, a network application framework. The RedisArrayAggregator component pre-allocates memory based on the declared element count in a Redis array header. A remote attacker can exploit this by sending a small, malicious Redis array header that claims a huge initial capacity,...

OSV•added 2026/06/12 4:16 p.m.•3 views

Exploits0References6

UBUNTU-CVE-2026-50011

Vulnrichment•added 2026/06/12 2:52 p.m.•9 views

Exploits0References5

CVE-2026-50011 Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length

CVE•added 2026/06/12 2:52 p.m.•40 views

Exploits0References3

CVE-2026-50011

Netty CVE-2026-50011 affects RedisArrayAggregator in Netty (prior to 4.1.135.Final and 4.2.15.Final). A RESP header can claim a large initial ArrayList capacity, taken from the wire before child messages exist, enabling unbounded pre-allocation. This can cause memory consumption issues. The issue...

Exploits0References3Affected Software1

Cvelist•added 2026/06/12 2:10 p.m.•26 views

CVE-2026-45416 Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

7.5CVSS0.00335EPSS

Exploits0References3

Positive Technologies•added 2026/06/12 12:0 a.m.•12 views

PT-2026-48903

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description Netty is a network application framework for developing protocol servers and clients. The RedisArrayAggregator pre-allocates an ArrayList with an initial...

7.5CVSS5.2AI score0.00335EPSS

Exploits0References6

NVD•added 2026/05/08 3:17 p.m.•7 views

CVE-2026-44500

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS0.00362EPSS

Exploits1References1

ATTACKERKB•added 2026/05/08 3:10 p.m.•6 views

CVE-2026-44500

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/08 3:10 p.m.•7 views

CVE-2026-44500 ZEBRA: Allocation Amplification in Inbound Network Deserializers

CVE•added 2026/05/08 3:10 p.m.•23 views

Exploits1References1

CVE-2026-44500

ZCV-64500: Allocation amplification in Zebra inbound deserializers affects Zebra nodes prior to 4.4.0 across zebrad, zebra-chain, and zebra-network. Inbound messages (headers, blocks, transactions) could be deserialized using generic transport or block-size ceilings, causing unauthenticated/post-...

Exploits1References1Affected Software3

CNNVD•added 2026/05/08 12:0 a.m.•8 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from excessive buffer sizes allocated for multiple inbound deserialization paths, which could allow attackers t...

5.3CVSS5.9AI score0.00362EPSS

Exploits1References1

OSV•added 2026/05/07 8:55 p.m.•2 views

GHSA-438Q-JX8F-CCCV Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Exploits1References4

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: udf: Fixed the issue of discarding data before allocation at the indirect extent boundary. When the preallocation extent is the first one in the extent block, the code would corrupt the extent tree header instead. This issue has...

5.5CVSS5.7AI score0.00254EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed the issue of resolving backrefs for inline extents followed by prealloc extents. If a file consists of an inline extent followed by a regular or prealloc extent, then a legitimate attempt to resolve a logical...

5.5CVSS5.6AI score0.00142EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fixed races among concurrent prealloc/proc write operations. We currently have no protection against concurrent changes to PCM buffer preallocations via proc files. This could potentially lead to UAF or other strange...

7.8CVSS5.5AI score0.00263EPSS