Lucene search
K

76 matches found

OSV
OSV
added 2026/03/20 1:13 a.m.6 views

CVE-2026-32873 ewe: Loop with Unreachable Exit Condition ('Infinite Loop')

ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handletrailers function where rejected trailer headers forbidden or undeclared cause an infinite loop. When handletrailers encounters such a trailer, three code paths lines 520, 523, 526 recurse with the original buffer...

7.5CVSS6.1AI score0.00599EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

ewe 安全漏洞

ewe is a lightweight web server build package developed by Vladislav Shakitskiy. Versions of ewe 3.0.4 and earlier contained security vulnerabilities; these vulnerabilities stemmed from an infinite loop in the handletrailers function, which could lead to a denial-of-service attack...

7.5CVSS5.8AI score0.00599EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-26174

Summary ewe's handle trailers function contains a bug where rejected trailer headers forbidden or undeclared cause an infinite loop. The function recurses with the original unparsed buffer instead of advancing past the rejected header, re-parsing the same header forever. Each malicious request...

7.5CVSS6.1AI score0.00599EPSS
Exploits1References7
OSV
OSV
added 2026/03/02 10:20 a.m.3 views

OPENSUSE-SU-2026:20295-1 Security update for cpp-httplib

This update for cpp-httplib fixes the following issues: - CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion bsc1246471. - CVE-2025-53628: HTTP header smuggling due to insecure trailers merge bsc1246468...

8.8CVSS5.8AI score0.00505EPSS
Exploits2References4
OSV
OSV
added 2026/03/02 10:16 a.m.2 views

SUSE-SU-2026:20600-1 Security update for cpp-httplib

This update for cpp-httplib fixes the following issues: - CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion bsc1246471. - CVE-2025-53628: HTTP header smuggling due to insecure trailers merge bsc1246468...

8.8CVSS5.8AI score0.00505EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2025/11/03 7:36 p.m.8 views

CVE-2025-12642

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

9.1CVSS5.2AI score0.00338EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.21 views

EUVD-2018-1777

Malware in sbrugna...

9.1CVSS9AI score0.04556EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26392

Malicious code in bioql PyPI...

9.1CVSS6.3AI score0.00363EPSS
Exploits0References4
OSV
OSV
added 2025/09/12 2:24 p.m.7 views

OESA-2025-2232 python-eventlet security update

Eventlet is a concurrent networking library for Python that allows you to change how you run your code, not how you write it. Security Fixes: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to...

9.1CVSS6.8AI score0.00363EPSS
Exploits0References2
OSV
OSV
added 2025/09/11 5:2 p.m.3 views

MGASA-2025-0232 Updated curl packages fix security vulnerability

curl is susceptible to an out-of-bounds read in the cookie handler that could either cause a crash or potentially make allow a clear-text site to override the contents of a secure cookie. This release also fixes a rare memory leak in HTTP trailers...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References3
Mageia
Mageia
added 2025/09/11 5:2 p.m.6 views

Updated curl packages fix security vulnerability

curl is susceptible to an out-of-bounds read in the cookie handler that could either cause a crash or potentially make allow a clear-text site to override the contents of a secure cookie. This release also fixes a rare memory leak in HTTP trailers...

7.5CVSS6.7AI score0.01301EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/09/01 11:22 p.m.4 views

SUSE CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

6.5CVSS6.8AI score0.00363EPSS
Exploits0References5
OSV
OSV
added 2025/08/29 10:15 p.m.5 views

DEBIAN-CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

9.1CVSS5.5AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2025/08/29 10:15 p.m.3 views

UBUNTU-CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

9.1CVSS5.8AI score0.00363EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/08/29 9:12 p.m.3 views

CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

6.3CVSS6AI score0.00363EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/29 9:12 p.m.29 views

CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

6.3CVSS0.00363EPSS
Exploits0References3
CVE
CVE
added 2025/08/29 9:12 p.m.64 views

CVE-2025-58068

Eventlet before 0.40.3 is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections in the WSGI parser. The issue can allow bypassing front‑end security controls, targeted attacks on active site users, and web cache poisoning. The problem has been fixed in Eventlet 0....

9.1CVSS6.2AI score0.00363EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2025/08/29 9:12 p.m.5 views

CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

9.1CVSS5.5AI score0.00363EPSS
Exploits0
OSV
OSV
added 2025/08/29 9:12 p.m.4 views

CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

6.3CVSS6.5AI score0.00363EPSS
Exploits0References6
OSV
OSV
added 2025/08/29 8:8 p.m.5 views

GHSA-HW6F-RJFJ-J7J7 Eventlet affected by HTTP request smuggling in unparsed trailers

Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches Patches Problem has...

6.3CVSS6.8AI score0.00363EPSS
Exploits0References6
Rows per page
Query Builder