Lucene search
K

73 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/04/03 12:0 a.m.53 views

CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing

A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/03/26 7:49 p.m.7 views

CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6.2AI score0.00469EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:49 p.m.3 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6.1AI score0.00469EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2026/03/26 7:49 p.m.4 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS5.7AI score0.00469EPSS
Exploits1
Snyk
Snyk
added 2026/03/25 8:8 p.m.2 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the compose/resolve phase due to using recursive function calls without a depth bound. An attacker can cause the application to throw a RangeError and potentially terminate the Node.js process by supplying a...

6.5CVSS5.9AI score0.00469EPSS
Exploits1References2
OSV
OSV
added 2026/03/25 8:8 p.m.2 views

GHSA-48C2-RRV3-QJMP yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...

4.3CVSS6AI score0.00469EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/25 8:8 p.m.16 views

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...

4.3CVSS5.9AI score0.00469EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-28167

Name of the Vulnerable Software and Affected Versions yaml versions prior to 1.10.3 yaml versions prior to 2.8.3 Description The yaml library is susceptible to a stack overflow when parsing YAML documents. The issue occurs during the node resolution/composition phase, which uses recursive functio...

4.3CVSS6AI score0.00469EPSS
Exploits1References31
EUVD
EUVD
added 2026/03/13 8:41 p.m.3 views

EUVD-2026-11704

Undici has Unhandled Exception in WebSocket Client Due to Invalid servermaxwindowbits Validation...

7.5CVSS5.8AI score0.00874EPSS
Exploits0References6
OSV
OSV
added 2026/03/13 8:41 p.m.9 views

GHSA-V9P9-HFJ2-HCW8 Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

Impact The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression....

7.5CVSS5.7AI score0.00874EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/13 8:41 p.m.8 views

Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

Impact The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression....

7.5CVSS5.7AI score0.00874EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/12 9:16 p.m.4 views

CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS5.7AI score
Exploits0References5
NVD
NVD
added 2026/03/12 9:16 p.m.5 views

CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS0.00874EPSS
Exploits0References23
OSV
OSV
added 2026/03/12 9:16 p.m.4 views

UBUNTU-CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS5.7AI score0.00874EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 8:27 p.m.5 views

CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS5.8AI score0.00874EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/12 8:27 p.m.26 views

CVE-2026-2229 undici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS0.00874EPSS
Exploits0References5
CVE
CVE
added 2026/03/12 8:27 p.m.53 views

CVE-2026-2229

The CVE affects the undici WebSocket client. It arises from improper validation of the server_max_window_bits parameter in the permessage-deflate extension: isValidClientWindowBits() only checks ASCII digits and not the 8–15 range, and createInflateRaw() is not wrapped in a try-catch. A malicious...

7.5CVSS5.8AI score0.00874EPSS
Exploits0References23Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24354

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.5 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A heap-based buffer overflow write exists in the CIccMatrixMath::SetRange function, potentially leading to memo...

7.8CVSS6AI score0.00173EPSS
Exploits0References9
Veracode
Veracode
added 2026/02/03 8:19 a.m.5 views

Denial-Of-Service (DoS)

fast-xml-parser is vulnerable to Denial-Of-Service DoS. The vulnerability is due to improper handling of out-of-range numeric XML entities, where parsing entity values beyond valid Unicode ranges triggers an uncaught RangeError, causing applications to crash when processing untrusted XML input...

7.5CVSS5.3AI score0.00559EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/30 8:10 p.m.2 views

GHSA-37QJ-FRW5-HHJH fast-xml-parser has RangeError DoS Numeric Entities Bug

Summary A RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code points e.g., or . This causes the parser to throw an uncaught exception, crashing any application that processes untrusted XML input. Details The...

7.5CVSS5.9AI score0.00559EPSS
Exploits1References5
Rows per page
Query Builder