Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.7 views

undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...

7.5CVSS7AI score0.00759EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.5 views

SUSE CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

5.9CVSS5.9AI score0.00759EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/06/17 4:5 p.m.9 views

CVE-2026-12151 undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS5.3AI score0.00759EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:3 p.m.10 views

CVE-2026-47124 Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

6.5CVSS5.2AI score0.0027EPSS
Exploits0References1
OSV
OSV
added 2026/05/23 12:18 a.m.6 views

GHSA-HVV7-HFRH-7GXJ Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user ...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References3
CNVD
CNVD
added 2020/11/23 12:0 a.m.5 views

IBM Spectrum Protect Operations Center Information Disclosure Vulnerability (CNVD-2020-67638)

IBM Spectrum Protect Operations Center is a software from IBM USA that provides visual control for IBM Spectrum Protect environments. IBM Spectrum Protect Operations Center suffers from a sensitive information disclosure vulnerability caused by a failure to properly authenticate a websocket...

5.3CVSS6AI score0.01546EPSS
Exploits0References1
Rows per page
Query Builder