Lucene search
K

4 matches found

CVE
CVE
added 2026/07/01 5:2 p.m.168 views

CVE-2026-54399

The CVE concerns Apache HttpComponents Core and a vulnerability in the HTTP/1.1 message parser causing memory exhaustion via an excessive number of headers or header length. Affected versions cited in public CVE records include 5.4.2 and earlier and 5.5-beta1 and earlier; a separate vendor-facing...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/01 5:2 p.m.4 views

CVE-2026-54399 Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS6AI score0.00587EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/15 8:46 p.m.14 views

Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length

Summary RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken from the wire before the corresponding child messages exist. A small malicious header can claim a huge initial capacity. Details The...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/02/04 12:0 a.m.8 views

EUVD-2025-206781

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

7.5CVSS5.5AI score0.00478EPSS
Exploits1References2
Rows per page
Query Builder