76 matches found
CVE-2026-32873 ewe: Loop with Unreachable Exit Condition ('Infinite Loop')
ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handletrailers function where rejected trailer headers forbidden or undeclared cause an infinite loop. When handletrailers encounters such a trailer, three code paths lines 520, 523, 526 recurse with the original buffer...
ewe 安全漏洞
ewe is a lightweight web server build package developed by Vladislav Shakitskiy. Versions of ewe 3.0.4 and earlier contained security vulnerabilities; these vulnerabilities stemmed from an infinite loop in the handletrailers function, which could lead to a denial-of-service attack...
PT-2026-26174
Summary ewe's handle trailers function contains a bug where rejected trailer headers forbidden or undeclared cause an infinite loop. The function recurses with the original unparsed buffer instead of advancing past the rejected header, re-parsing the same header forever. Each malicious request...
OPENSUSE-SU-2026:20295-1 Security update for cpp-httplib
This update for cpp-httplib fixes the following issues: - CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion bsc1246471. - CVE-2025-53628: HTTP header smuggling due to insecure trailers merge bsc1246468...
SUSE-SU-2026:20600-1 Security update for cpp-httplib
This update for cpp-httplib fixes the following issues: - CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion bsc1246471. - CVE-2025-53628: HTTP header smuggling due to insecure trailers merge bsc1246468...
CVE-2025-12642
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
EUVD-2018-1777
Malware in sbrugna...
EUVD-2025-26392
Malicious code in bioql PyPI...
OESA-2025-2232 python-eventlet security update
Eventlet is a concurrent networking library for Python that allows you to change how you run your code, not how you write it. Security Fixes: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to...
MGASA-2025-0232 Updated curl packages fix security vulnerability
curl is susceptible to an out-of-bounds read in the cookie handler that could either cause a crash or potentially make allow a clear-text site to override the contents of a secure cookie. This release also fixes a rare memory leak in HTTP trailers...
Updated curl packages fix security vulnerability
curl is susceptible to an out-of-bounds read in the cookie handler that could either cause a crash or potentially make allow a clear-text site to override the contents of a secure cookie. This release also fixes a rare memory leak in HTTP trailers...
SUSE CVE-2025-58068
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...
DEBIAN-CVE-2025-58068
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...
UBUNTU-CVE-2025-58068
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...
CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...
CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...
CVE-2025-58068
Eventlet before 0.40.3 is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections in the WSGI parser. The issue can allow bypassing front‑end security controls, targeted attacks on active site users, and web cache poisoning. The problem has been fixed in Eventlet 0....
CVE-2025-58068
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...
CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...
GHSA-HW6F-RJFJ-J7J7 Eventlet affected by HTTP request smuggling in unparsed trailers
Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches Patches Problem has...