netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...

SUSE CVE-2026-48043

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-1605

Summary Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-1605, CVE-2026-1605 is a high-severity vulnerability in the Eclipse Jetty web server caused by improper resource management in the GzipHandler component. IBM Engineering Systems Design Rhapsody has resolve...

CVE-2026-48043

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...

CVE-2026-48043

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

UBUNTU-CVE-2026-48043

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

EUVD-2026-36494

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

PT-2026-48688

Name of the Vulnerable Software and Affected Versions netty-codec-http2 versions prior to 4.1.135.Final netty-codec-http2 versions prior to 4.2.15.Final Description The DelegatingDecompressorFrameListener class manages HTTP/2 decompression by using a per-stream EmbeddedChannel to run decompressio...

org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests

A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...

CVE-2026-46318

A flaw was found in the Linux kernel's hugetlbfs component. An issue in the mmapprepare stage incorrectly handled memory allocation, which could lead to a lock leak if an allocation failed. This resource leak could potentially be exploited by a local attacker to cause a Denial of Service DoS by...

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the nettyunixsocketrecvFd function. An attacker can cause file descriptor leaks by sending two file descriptors at once via a Unix domain socket, leading to resource exhaustion and...

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through improper handling of TLV length in the readNextTLV function. An attacker can cause resource exhaustion and denial of service by sending a specially crafted HAProxy protocol...

Amazon Linux 2023 : docker (ALAS2023-2026-1783)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1783 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU...

Oracle Linux 8 : bind (ELSA-2026-24339)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24339 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

bind security update

32:9.11.36-16.8 - Fix GSS-API resource leak CVE-2026-3039 - Invalid handling of CLASS != IN CVE-2026-5946...

CVE-2026-25206

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVE-2026-25209

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVE-2026-8671

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

Oracle Linux 8 : bind9.16 (ELSA-2026-23360)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-23360 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVE-2026-46239

A flaw was found in the Linux kernel's media: i2c: ov5647 driver. This issue occurs because certain control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN do not properly release power management PM runtime reference counts. This oversight can lead to a resource leak, potentially resulting in a Denia...