Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

Node.js Module Undici 8.1.x < 8.5.0 DoS (CVE-2026-9675)

The nodejs module Undici detected on the host is version 8.1.x prior to 8.5.0. It is, therefore, affected by a denial of service vulnerability: - The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious...

7.5CVSS6.4AI score0.00426EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 2:28 p.m.13 views

EUVD-2026-37752

undici WebSocket client vulnerable to denial of service via cumulative fragment bypass...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/17 6:22 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of WebSocket message fragments. An attacker can cause unbounded memory growth and exhaust system...

8.7CVSS5.9AI score0.00789EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of fragmented WebSocket messages. An attacker can cause unbounded memory growth and exhaust system...

8.7CVSS5.9AI score0.00426EPSS
Exploits0References2
OSV
OSV
added 2026/05/01 8:34 p.m.3 views

CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends every incomi...

8.7CVSS6AI score0.00549EPSS
Exploits0References9
Hacker One
Hacker One
added 2025/08/18 4:7 p.m.24 views

curl: WebSocket Fragmentation DoS on Curl Client

Summary A malicious WebSocket server can send a fragmented message FIN=0 followed by a flood of continuation frames, causing the client curl to continuously allocate memory while waiting for message completion. This can result in high memory usage and potential crash OOM, representing a...

7AI score
Exploits0
Rows per page
Query Builder