2 matches found
GHSA-84F2-RP86-235P cowlib: Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
Cowlib 安全漏洞
Cowlib is a web protocol message parsing and building library developed by Nine Nines. Versions of Cowlib from 0.1.0 to 2.16.1 contained security vulnerabilities. These vulnerabilities were due to improper handling of highly compressed data. The cowspdy:inflate/2 function did not limit the output...