3 matches found
CVE-2026-55079
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...
CVE-2026-55079
Coder’s GO-based provisioner vulnerability arises from NewDataBuilder allocating a byte slice using client-supplied FileSize without an upper bound. The DRPC wire limit is 4 MiB, but FileSize could be much larger, causing memory exhaustion and potential denial of service when an authenticated use...
CVE-2021-40524
In Pure-FTPd before 1.0.50, an incorrect maxfilesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. Versions 1.0.2...