7 matches found
CVE-2026-42154
A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
...
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...
CVE-2026-42154
Prometheus (open-source monitoring/time-series database) is affected by CVE-2026-42154. Before versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker c...
CVE-2026-42154
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...
CVE-2026-42154
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...
Denial Of Service (DoS)
github.com/prometheus/prometheus is vulnerable to denial of service DoS attacks. The vulnerability exists due to the lack of limit checks of the remote read endpoint, allowing large amount of data to be written in the server's memory, causing a DoS attack...