7 matches found
CVE-2026-6682
In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mountvolume where fasize = fs-nfats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 Integer Overflow or Wraparound. Estimated CVSS v3.1 vector:...
CVE-2026-49140
Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...
CVE-2026-49140 Nanobot < 0.2.1 Denial of Service via Matrix Media Download Handler
Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...
CVE-2026-49140
Nanobot before version 0.2.1 contains a denial-of-service vulnerability in the Matrix channel media download handler. Authenticated room members can trigger large, concurrent media downloads by sending media events with missing or invalid size metadata, causing response bodies to materialize befo...
PT-2026-45562
Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the import process. An attacker can exhaust server storage and potentially cause service disruption by uploading compressed zip files containing files that exceed the configur...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the import process. An attacker can exhaust server storage and potentially cause service disruption by uploading compressed zip files containing files that exceed the configur...