30 matches found
CVE-2026-25627 nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...
EUVD-2019-4244
Malware in sbrugna...
EUVD-2023-37227
Malicious code in bioql PyPI...
BIT-LIBPYTHON-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()
Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...
CVE-2023-33038
Memory corruption while receiving a message in Bus Socket Transport Server...
CVE-2025-21669
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access...
CVE-2025-21670 vsock/bpf: return early if transport is not assigned
In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed...
Unbounded memory buffering in SelectorSocketTransport.writelines()
...
python: Unbounded memory buffering in SelectorSocketTransport.writelines()
A flaw was found in Python. In certain configurations, the asyncio.SelectorSocketTransport.writelines method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denia...
python: Unbounded memory buffering in SelectorSocketTransport.writelines()
A flaw was found in Python. In certain configurations, the asyncio.SelectorSocketTransport.writelines method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denia...
python: Unbounded memory buffering in SelectorSocketTransport.writelines()
A flaw was found in Python. In certain configurations, the asyncio.SelectorSocketTransport.writelines method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denia...
CVE-2024-12254
Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the SelectorSocketTransport.writelines method not draining its buffers, when Protocols are in use. An attacker can cause this behavior which eventually exhausts available memor...
CVE-2023-33038
Memory corruption while receiving a message in Bus Socket Transport Server...
Memory corruption
Memory corruption while receiving a message in Bus Socket Transport Server...
CVE-2023-33038
CVE-2023-33038 refers to a memory corruption vulnerability in the Qualcomm Bus Socket Transport Server, triggered while receiving a message. Public documentation links this to Qualcomm’s January 2024 bulletin, which lists CVE-2023-33038 under closed‑source Qualcomm components and notes that patch...
CVE-2023-33038 Integer Overflow or Wraparound in Radio Interface Layer
Memory corruption while receiving a message in Bus Socket Transport Server...
CVE-2023-33038 Integer Overflow or Wraparound in Radio Interface Layer
Memory corruption while receiving a message in Bus Socket Transport Server...
Phoenix framework 安全漏洞
Phoenix framework is Phoenix framework open source a functional programming language Elixir written in the Web development framework. A security vulnerability exists in Phoenix framework versions prior to 1.6.14, which stems from its socket/transport.ex incorrectly handling the checkorigin wildca...
PT-2022-26688 · Phoenix · Phoenix
Name of the Vulnerable Software and Affected Versions: Phoenix versions prior to 1.6.14 Description: The issue arises from the mishandling of check origin wildcarding in the socket/transport.ex file. This does not affect LiveView applications by default due to the presence of a LiveView CSRF toke...