Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.8 views

netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References7
OSV
OSV
added 2026/06/15 8:46 p.m.6 views

GHSA-HVCG-QMG6-JM4C Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/15 8:46 p.m.8 views

Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48904

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description Before reading the first request-line, the HttpObjectDecoder function silently skips all whitespace and every byte for which Character.isISOControlb is true...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/12/31 12:27 a.m.6 views

SUSE CVE-2023-54250

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

6.6AI score0.00168EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/30 12:15 p.m.43 views

CVE-2023-54250 ksmbd: avoid out of bounds access in decode_preauth_ctxt()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

0.00168EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-7093

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00588EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.13 views

InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`

A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...

7.5CVSS7.5AI score0.00588EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.8 views

GHSA-6F6X-F56Q-5XGV InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`

A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...

7.5CVSS7.2AI score0.00588EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.9 views

CVE-2024-10821 Denial of Service (DoS) in invoke-ai/invokeai

A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...

7.5CVSS7.5AI score0.00588EPSS
Exploits0References1
CVE
CVE
added 2025/03/20 10:9 a.m.45 views

CVE-2024-10821

CVE-2024-10821 affects the InvokeAI server (version v5.0.1). The vulnerability lies in the multipart request boundary handling, where appending excessive characters to the end of boundaries can cause an infinite loop and exhaust CPU/memory, leading to DoS on the endpoint /api/v1/images/upload . A...

7.5CVSS7.5AI score0.00588EPSS
Exploits0References1
Rows per page
Query Builder