EUVD-2026-36012

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...

CVE-2026-52753 Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded nesting of composite buffers in the SCTP message reassembly process. An attacker can exhaust system memory and cause a denial of service by sending a large number of...

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

...

CVE-2026-47073

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

CVE-2026-47073

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

EUVD-2026-31694

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

CVE-2026-47073

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

PT-2026-43070

Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0 through 4.0.0 Description The WebSocket client in src/hackney ws.erl lacks upper bounds on memory consumption across three code paths, allowing for flooding. First, the read handshake response/3 function accumulates...

Security Bulletin: Netty Decompression Decoders Allow Unbounded Buffer Allocation Leading to DoS (Fixed in 4.1.125/4.2.5)

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...

netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

A flaw was found in Netty. With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service...

RockyLinux 9 : redis:7 (RLSA-2025:7429)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7429 advisory. redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client CVE-2025-21605 Tenable has extracted the preceding...

CVE-2025-58057

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...

DEBIAN-CVE-2025-58057

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...

PT-2021-21143 · Unknown · Grpc Swift

Name of the Vulnerable Software and Affected Versions: gRPC Swift versions 1.1.0 and earlier Description: The issue allows remote attackers to cause uncontrolled resource consumption and deny service due to the allocation of buffers of arbitrary length when parsing messages. This can lead to...