Lucene search
+L
BenoitcHackney

5 matches found

CVE
CVE
added 2026/05/25 2:0 p.m.46 views

CVE-2026-47067

Affected software: hackney (Erlang HTTP client). Vulnerability description: The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM atom via binary_to_atom/2. BEAM atoms are never garbage-collected, and the atom table maxes out at 1,048,576 entries. An att...

8.7CVSS5.8AI score0.00703EPSS
CVE
CVE
added 2026/05/25 2:0 p.m.39 views

CVE-2026-47073

CVE-2026-47073 affects hackney WebSocket client (src/hackney_ws.erl) causing unbounded memory growth via three paths: read_handshake_response/3 accumulates an unbounded buffer due to lack of size cap; parse_payload/9 and parse_active_payload/8 do not enforce a maximum frame payload length; and fr...

8.7CVSS5.9AI score0.00825EPSS
CVE
CVE
added 2026/05/25 2:0 p.m.30 views

CVE-2026-47077

The CVE affects hackney (versions 2.0.0–4.0.0) due to an unbounded in-memory accumulation in hackney_h3:await_response_loop/6, where HTTP/3 response chunks are buffered without a cap. A malicious server can keep sending small chunks, preventing loop termination and exhausting the BEAM heap, leadi...

8.2CVSS5.9AI score0.00703EPSS
CVE
CVE
added 2026/05/25 2:0 p.m.26 views

CVE-2026-47071

The vulnerability CVE-2026-47071 affects benoitc hackney (from 0.10.0 up to 4.0.0). The SOCKS5 transport (src/hackney_socks5.erl) forwards the caller timeout through SOCKS5 negotiation but upgrades to TLS with ssl:connect/2, which defaults to an infinite timeout. The Timeout in scope at the call ...

8.2CVSS5.7AI score0.00703EPSS
CVE
CVE
added 2026/05/25 2:0 p.m.23 views

CVE-2026-47066

CVE-2026-47066 describes an Infinite Loop in the Alt-Svc header parser of benoitc’s hackney. The vulnerable component is the Alt-Svc response header parser (src/hackney_altsvc.erl); when parse_token/2 receives certain inputs, it may return the input unchanged, and skip_comma/1 can fail to progres...

8.7CVSS6AI score0.00703EPSS