
64 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 1 view

Astra Linux - vulnerability in ruby-rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

CVSS 7.5, AI score 6.2, EPSS 0.00266
Exploits 0, References 2
SUSE CVE
added 2026/04/20 11:25 p.m., 4 views

SUSE CVE-2026-40347

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits 0, References 4
NVD
added 2026/04/18 12:16 a.m., 2 views

CVE-2026-40347

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

CVSS 5.3, EPSS 0.00022
Exploits 0, References 2
OSV
added 2026/04/18 12:16 a.m., 6 views

DEBIAN-CVE-2026-40347

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

CVSS 5.3, AI score 5.5, EPSS 0.00022
Exploits 0, References 1
Vulnrichment
added 2026/04/17 11:56 p.m., 4 views

CVE-2026-40347 Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits 0, References 2
Debian CVE
added 2026/04/17 11:56 p.m., 3 views

CVE-2026-40347

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

CVSS 5.3, AI score 5.4, EPSS 0.00022
Exploits 0
CVE
added 2026/04/17 11:56 p.m., 52 views

CVE-2026-40347

The CVE-2026-40347 entry concerns Python-Multipart. Versions prior to 0.0.26 are vulnerable to a denial-of-service when parsing crafted multipart/form-data with large preambles/epilogues. The fix (0.0.26+) skips ahead on leading CR/LF data and discards epilogue data after the closing boundary. Af...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits 0, References 2, Affected Software 1
ATTACKERKB
added 2026/04/17 11:56 p.m., 3 views

CVE-2026-40347

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/04/17 11:56 p.m., 30 views

CVE-2026-40347 Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

CVSS 5.3, EPSS 0.00022
Exploits 0, References 2
Github Security Blog
added 2026/04/15 7:45 p.m., 5 views

python-multipart affected by Denial of Service via large multipart preamble or epilogue data

Summary: A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Details: Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits 0, References 4, Affected Software 1
Snyk
added 2026/04/15 7:45 p.m., 3 views

Excessive Iteration

Overview: python-multipart is a streaming multipart parser for Python. Affected versions of this package are vulnerable to Excessive Iteration in the parsing performed by multipart.py. An attacker can degrade performance by sending multipart requests with very large preamble or epilogue sections...

CVSS 6.9, AI score 5.8, EPSS 0.00022
Exploits 0, References 2
OSV
added 2026/04/15 7:45 p.m., 2 views

GHSA-MJ87-HWQH-73PJ python-multipart affected by Denial of Service via large multipart preamble or epilogue data

Summary: A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Details: Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits 0, References 4
Positive Technologies
added 2026/04/15 12:00 a.m., 1 view

PT-2026-33212

Name of the Vulnerable Software and Affected Versions: Python-Multipart versions prior to 0.0.26. Description: An issue exists when parsing crafted multipart/form-data requests containing large preamble or epilogue sections. Two inefficient parsing paths can be abused: the parser handles leading CR...

CVSS 5.3, AI score 5.7, EPSS 0.00022
Exploits 0, References 8
Tenable Nessus
added 2026/02/10 12:00 a.m., 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005316)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005316 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes befo...

CVSS 7.5, AI score 5.6, EPSS 0.00266
Exploits 0, References 4
Tenable Nessus
added 2026/01/13 12:00 a.m., 5 views

MiracleLinux 9 : pcs-0.11.9-2.el9_6.2.ML.1 (AXSA:2025-11083:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11083:07 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830) rack: Rack's...

CVSS 7.5, AI score 7.3, EPSS 0.00324
Exploits 0, References 6
OSV
added 2025/12/29 8:41 p.m., 2 views

MGASA-2025-0334 Updated ruby-rack packages fix security vulnerabilities

Unbounded-Parameter DoS in Rack::QueryParser. (CVE-2025-46727) ReDoS Vulnerability in Rack::Multipart handle_mime_head. (CVE-2025-49007) Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters. (CVE-2025-59830) Rack's unbounded multipart preamble buffering...

CVSS 8.7, AI score 6.8, EPSS 0.00808
Exploits 0, References 3
Packet Storm News
added 2025/12/21 12:00 a.m., 4 views

DeepGuard: Defending Deep Joint Source-Channel Coding against Eavesdropping at Physical-Layer

Deep joint source-channel coding (DeepJSCC) has emerged as a promising paradigm for efficient and robust information transmission. However, its intrinsic characteristics also pose new security challenges, notably an increased vulnerability to eavesdropping attacks. Existing studies on defending...

AI score 6.7
Exploits 0
Veracode
added 2025/11/24 7:55 a.m., 4 views

Denial Of Service

rack is vulnerable to Denial Of Service. The vulnerability is due to unbounded buffering of the multipart preamble in Rack::Multipart::Parser, where attackers can send extremely large preamble data before the first boundary, causing excessive memory consumption and potential OOM-induced DoS...

CVSS 7.5, AI score 7, EPSS 0.00266
Exploits 0, References 7, Affected Software 1
RedHat Linux
added 2025/11/18 2:42 p.m., 4 views

rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

A flaw was found in Rack where the Rack::Multipart::Parser buffers the multipart preamble in memory without size limits. A remote attacker can send a crafted multipart/form-data request with a very large preamble before its first boundary, causing excessive memory consumption and denial of service...

CVSS 7.5, AI score 6.8, EPSS 0.00266
Exploits 0, References 8
Tenable Nessus
added 2025/11/17 12:00 a.m., 8 views

Alibaba Cloud Linux 3 : 0168: pcs (ALINUX3-SA-2025:0168)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0168 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-59830: Rack is a modular Ruby web...

CVSS 7.5, AI score 7.2, EPSS 0.00324
Exploits 0, References 6