21 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an out-of-memory condition in spdystream Go [CVE-2026-35469]
Summary IBM Watson Speech Services Cartridge is vulnerable to an out-of-memory condition in spdystream Go, caused by a flaw in SPDY/3 frame parser that does not validate attacker-controlled counts and lengths before allocating memory CVE-2026-35469. Spdystream Go is used in our speech utilities...
ROOT-APP-GOBINARY-CVE-2026-35469 CVE-2026-35469 in rootio-github.com/moby/spdystream - Patched by Root
Root has patched CVE-2026-35469 in the rootio-github.com/moby/spdystream package for Root:Go. Multiple fixed versions available...
Security Bulletin: IBM Engineering Lifecycle Management on Hybrid Cloud multiple vulnerabilities addressed
Summary This release addresses security vulnerabilities in application and operator images of ELM on Hybrid cloud offering. Identified vulnerabilities identified below relate to the underlying OS packages and language dependencies which impacts the product within the deployed environment. Two of...
SUSE SLES15 Security Update : kubernetes1.28 (SUSE-SU-2026:2344-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2344-1 advisory. Security fixes: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE...
SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2026:2340-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2340-1 advisory. This update for kubernetes1.23 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...
SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2026:2315-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2315-1 advisory. This update for kubernetes1.23 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...
SUSE-SU-2026:2342-1 Security update for kubernetes
This update for kubernetes fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265748. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service...
GO-2026-4958 Uncontrolled resource consumption when parsing SPDY frames in github.com/moby/spdystream
The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.318 Vulnerability Details CVEID:CVE-2020-25576 DESCRIPTION: An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to integer slice...
Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-016795)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016795 advisory. spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled...
CLEANSTART-2026-WL14185 spdystream is a Go library for multiplexing streams over SPDY connections
Multiple security vulnerabilities affect the velero-fips package. spdystream is a Go library for multiplexing streams over SPDY connections. See references for individual vulnerability details...
CLEANSTART-2026-VN02574 spdystream is a Go library for multiplexing streams over SPDY connections
Multiple security vulnerabilities affect the velero-fips package. spdystream is a Go library for multiplexing streams over SPDY connections. See references for individual vulnerability details...
SUSE CVE-2026-35469
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...
CVE-2026-35469
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...
CVE-2026-35469
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...
CVE-2026-35469 SpdyStream: DOS on CRI
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...
SpdyStream: DOS on CRI
The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...
GHSA-PC3F-X583-G7J2 SpdyStream: DOS on CRI
The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...
EUVD-2026-23298
SpdyStream: DOS on CRI...
SpdyStream 安全漏洞
SpdyStream is a SPDY-based multiplexing stream processing library developed by Moby. Versions of SpdyStream prior to 0.5.0 contain security vulnerabilities. These vulnerabilities stem from the SPDY/3 frame parser not verifying the count and length of the frame before allocating memory. This allow...