15 matches found
CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...
CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...
CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
EUVD-2026-20917
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
UBUNTU-CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
PT-2026-31629
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
EUVD-2025-206781
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...
Linux Distros Unpatched Vulnerability : CVE-2025-11375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Consul and Consul Enterprise's Consul event endpoint is vulnerable to denial of service DoS due to lack of maximum value on the Content Length header. This...
GHSA-P768-C3PR-6459 Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling
Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation. This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 i.e., fixed in 1.26.3, 1.27.3...
UBUNTU-CVE-2024-45797
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....
CVE-2024-45797 LibHTP's unbounded header handling leads to denial service
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....
CVE-2024-45797
CVE-2024-45797 affects LibHTP prior to 0.5.49, where unbounded processing of HTTP request/response headers can cause excessive CPU and memory usage, leading to DoS-like slowdowns. The issue is addressed in LibHTP 0.5.49. Public disclosures in Ubuntu USN-7814-1 and Debian DLA-4295-1, and related O...
AZL-41787 CVE-2022-2879 affecting package skopeo for versions less than 1.14.4-1
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
PT-2022-19238 · Ireader +9 · Reader +9
Name of the Vulnerable Software and Affected Versions: Reader affected versions not specified Description: The issue is related to the Reader.Read function not setting a limit on the maximum size of file headers. A maliciously crafted archive could cause Reader.Read to allocate unbounded amounts ...