228 matches found
GO-2026-4958 Uncontrolled resource consumption when parsing SPDY frames in github.com/moby/spdystream
The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.23 security and extras update
Red Hat OpenShift Container Platform release 4.20.23 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a security impact of...
CVE-2026-43970
A flaw was found in cowlib. This vulnerability, categorized as Improper Handling of Highly Compressed Data Data Amplification, allows an unauthenticated remote attacker to cause a denial of service DoS. By sending a specially crafted SPDY frame, the cowspdy:inflate/2 function in cowlib passes...
cowlib: Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
EUVD-2026-30131
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
GHSA-84F2-RP86-235P cowlib: Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
DEBIAN-CVE-2026-43970
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
UBUNTU-CVE-2026-43970
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
CVE-2026-43970
CVE-2026-43970 affects ninenines cowlib (cow_spdy:inflate/2) where peer-supplied SPDY payloads are passed directly to zlib:inflate/2 without an output-size bound. This can enable unauthenticated remote denial of service via memory exhaustion, as SPDY compression uses a public dictionary (?ZDICT) ...
CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
EEF-CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. T...
CVE-2026-43970
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
CVE-2026-43970
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
Cowlib 安全漏洞
Cowlib is a web protocol message parsing and building library developed by Nine Nines. Versions of Cowlib from 0.1.0 to 2.16.1 contained security vulnerabilities. These vulnerabilities were due to improper handling of highly compressed data. The cowspdy:inflate/2 function did not limit the output...
Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-016795)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016795 advisory. spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled...
OESA-2026-2162 kubernetes security update
Container cluster management. Security Fixes: A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this...
CLEANSTART-2026-WL14185 spdystream is a Go library for multiplexing streams over SPDY connections
Multiple security vulnerabilities affect the velero-fips package. spdystream is a Go library for multiplexing streams over SPDY connections. See references for individual vulnerability details...
CLEANSTART-2026-VN02574 spdystream is a Go library for multiplexing streams over SPDY connections
Multiple security vulnerabilities affect the velero-fips package. spdystream is a Go library for multiplexing streams over SPDY connections. See references for individual vulnerability details...
SUSE CVE-2026-35469
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...
SpdyStream: DOS on CRI
...