
Overview

  • Linux
  • Linux

11 May 2026
Published
14 May 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec().

Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true. This catches the splice-loopback vector and other externally-shared frag sources while preserving the zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC page_pool RX, GRO). The OOM/trace handling already in place is reused.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


Two recent #Linux kernel vulnerabilities have been disclosed:
➡️ Copy Fail (CVE-2026-31431)
➡️ Dirty Frag (CVE-2026-43284 & CVE-2026-43500)

Both vulnerabilities exploit flaws in the page cache via different subsystems, necessitating immediate patching by affected organizations.

More details on #InfoQ ➡️ bit.ly/4dHOx47

#DevOps #SecurityVulnerabilities


Overview

  • ninenines
  • cowlib

11 May 2026
Published
12 May 2026
Updated

CVSS v4.0
LOW (2.1)
EPSS
0.02%

KEV

Description

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs without validating either field. An attacker who controls the cookie names or values passed to this function can inject semicolon (;), comma (,), CR, LF, or TAB characters into the serialized header. This enables two classes of attack: cookie smuggling within a single header (e.g. injecting "; admin=1" to introduce a phantom cookie that the receiving server treats as authentic) and HTTP request header splitting (injecting CRLF to append arbitrary headers or smuggle a complete second request against a shared upstream proxy). The decoder side (parse_cookie_name/1, parse_cookie_value/1) and setcookie/3 already validate and reject these characters; the encoder alone is missing the check. This issue affects cowlib from 2.9.0.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 13 hours ago

Fediverse


There have been a heap of CVEs published against the typical #ElixirLang + Phoenix web stack in the last few days. If your mix.lock has any of:

- cowboy < 2.15.0
- cowlib < 2.16.1
- plug < 1.19.2
- bandit < 1.11.1

...you may be vulnerable!

CVEs:

- cna.erlef.org/cves/CVE-2026-84
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-77
- cna.erlef.org/cves/CVE-2026-43
- cna.erlef.org/cves/CVE-2026-84


Overview

  • ninenines
  • cowboy

13 May 2026
Published
14 May 2026
Updated

CVSS v4.0
HIGH (8.2)
EPSS
0.02%

KEV

Description

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound check. When cow_multipart:parse_headers/2 returns more or {more, Buffer2}, the function reads up to Length bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the byte_size(Acc) > Length guard present in the sibling function read_part_body/4. An unauthenticated attacker can send a multipart/form-data request whose body never yields a complete header section — for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \r\n\r\n — and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory. This issue affects cowboy from 2.0.0 before 2.15.0.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 13 hours ago


Overview

  • elixir-plug
  • plug

14 May 2026
Published
14 May 2026
Updated

CVSS v4.0
HIGH (8.2)
EPSS
0.28%

KEV

Description

Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':read_part_headers/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on the size of the accumulated buffer. By contrast, the sibling function read_part_body has an explicit byte_size(acc) > length guard that stops accumulation once a limit is reached. No such guard exists in read_part_headers. An unauthenticated remote attacker can exhaust server memory by sending a crafted multipart/form-data request, causing a denial of service. This issue affects plug from 1.4.0 before 1.15.4, 1.16.3, 1.17.1, 1.18.2, and 1.19.2.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 13 hours ago


Overview

  • ninenines
  • cowlib

11 May 2026
Published
12 May 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.08%

KEV

Description

Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication (Len * 16 + digit), so parsing N hex digits requires O(N²) CPU work and O(N) memory. Additionally, when input is drip-fed, the parser discards the accumulated length on each partial read and restarts from zero on resumption, raising the cost to O(N³). An unauthenticated remote attacker can exploit this by sending an HTTP/1.1 request with Transfer-Encoding: chunked and a very long chunk-size hex string to cause denial of service through CPU exhaustion and memory amplification. This vulnerability is associated with program file src/cow_http_te.erl and program routines cow_http_te:stream_chunked/2, cow_http_te:chunked_len/4. This issue affects cowlib: from 0.6.0 before 2.16.1.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 13 hours ago


Overview

  • ninenines
  • cowlib

11 May 2026
Published
12 May 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
0.04%

KEV

Description

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefix_lines/2 function used for data and comment fields splits only on \n. Because the SSE specification requires decoders to treat \r\n, \r, and \n as equivalent line terminators, an attacker who controls any of these fields can inject additional SSE lines and forge a complete event with an arbitrary event type and data payload on the receiving end. In typical deployments where browser EventSource clients or other SSE consumers dispatch on event.type and render event.data, this enables event splitting, client-side logic manipulation, and stored-XSS-equivalent behaviour when event data is inserted into the DOM. This issue affects cowlib from 2.6.0 before 2.16.1.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 13 hours ago
