34 matches found
CVE-2026-47073
CVE-2026-47073 affects hackney WebSocket client (src/hackney_ws.erl) causing unbounded memory growth via three paths: read_handshake_response/3 accumulates an unbounded buffer due to lack of size cap; parse_payload/9 and parse_active_payload/8 do not enforce a maximum frame payload length; and fr...
Linux Distros Unpatched Vulnerability : CVE-2026-8466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart...
EUVD-2026-30266
Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service...
GHSA-468C-VQ7P-GH64 Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service
Summary An Allocation of Resources Without Limits or Throttling vulnerability in Plug.Conn.readpartheaders/2 allows an unauthenticated attacker to exhaust server memory by sending a crafted multipart/form-data request, causing a denial of service. Details Plug.Conn.readpartheaders/2 in...
Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service
Summary An Allocation of Resources Without Limits or Throttling vulnerability in Plug.Conn.readpartheaders/2 allows an unauthenticated attacker to exhaust server memory by sending a crafted multipart/form-data request, causing a denial of service. Details Plug.Conn.readpartheaders/2 in...
CVE-2026-8468
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468
Summary (facts from sources): CVE-2026-8468 describes an unbounded memory accumulation in multipart header parsing within Elixir Plug (plug_project) andCowboy-derived code. The root cause is in plug_multipart:parse_headers/2 (and read_part_headers/2 in lib/plug/conn.ex) which accumulates incoming...
EEF-CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
Summary Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper...
PT-2026-40905
Name of the Vulnerable Software and Affected Versions plug versions 1.4.0 through 1.15.3 plug version 1.16.3 plug version 1.17.1 plug version 1.18.2 plug version 1.19.2 Description An unbounded buffer accumulation issue exists during multipart header parsing. The function read part headers/2 in...
GHSA-JFC2-Q6QH-G5X8 Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...
Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...
CVE-2026-8466
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...
CVE-2026-8466
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...
CVE-2026-8466
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...
CVE-2026-8466
CVE-2026-8466 affects the Cowboy web server (ninenines) prior to 2.15.0. The issue is an unbounded memory growth vulnerability in multipart header parsing: cowboy_req:read_part/3 accumulates request bytes into a Buffer without an upper-bound check, and when cow_multipart:parse_headers/2 returns m...
CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...
PT-2026-40763
Name of the Vulnerable Software and Affected Versions cowboy versions 2.0.0 through 2.14.x Description An issue in multipart header parsing allows an unauthenticated attacker to cause a denial of service via unbounded buffer accumulation. The function read part in src/cowboy req.erl accumulates...
CVE-2026-42348
OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...
CVE-2026-42348 OpAMP client reads unbounded HTTP response bodies
OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...