17 matches found
Astra Linux - уязвимость в golang-golang-x-net, golang-1.15
In Go, before versions 1.15.12 and 1.16.x, and before version 1.16.4, net/http allowed remote attackers to cause a denial of service panic through a large header sent to ReadRequest or ReadResponse. This issue can affect the Server, Transport, and Client components in certain configurations...
CVE-2026-34062
CVE-2026-34062 affects the Nimiq libp2p integration. Before version 1.3.0, MessageCodec::read_request and read_response call read_to_end() on inbound substreams, allowing a remote peer to send only a partial frame and keep the substream open. Additionally, Behaviour::new sets with_max_concurrent_...
CVE-2026-39974
n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...
openSUSE 16 Security Update : go1.25 (openSUSE-SU-2025:20157-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20157-1 advisory. Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host...
OESA-2025-2648 golang security update
. Security Fixes: tar.Reader in the Go archive/tar component did not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions could cause a Reader to read an unbounded amount of data fr...
Excessive CPU consumption in Reader.ReadResponse in net/textproto
...
CVE-2025-61724
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
AZL-78921 CVE-2025-61724 affecting package golang 1.25.7-1
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
CVE-2024-43763
In buildreadmultirsp of gattsr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote proximal/adjacent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
mozilla: Missing permission check when creating a StreamFilter
The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...
mozilla: Missing permission check when creating a StreamFilter
The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...
mozilla: Missing permission check when creating a StreamFilter
The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...
CLZero - A Project For Fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors
A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. About Thank you to @albinowax, @defparam and @d3d else this tool would not exist. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and...
SUSE CVE-2021-31525
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...
golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...
Google Golang 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A security vulnerability exists in Go versions prior to 1.15.12 and 1.16.x prior to 1.16.4, which can be exploited by remote attackers to cause a denial of service by sending a...
OPC UA Read Response Command
...