PT-2026-33367 · Unknown · Spdystream

Published 2026-04-16 · Updated 2026-05-26 · CVE-2026-35469

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

spdystream versions prior to 0.5.1

Description

The SPDY/3 frame parser fails to validate attacker-controlled counts and lengths before allocating memory. This occurs in three allocation paths: the SETTINGS frame entry count, the header count in the parseHeaderValueBlock() function, and individual header field sizes. These values are read as 32-bit integers and used directly for allocation without bounds checking. Since SPDY header blocks use zlib compression (a method of reducing data size), a small payload can decompress into large values. A remote peer can send a single crafted control frame to exhaust process memory, leading to an out-of-memory crash and denial of service.

Recommendations

Update to version 0.5.1.
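
The SETTINGS entry-count path from the description, as an added Go example (not spdystream's code and not its 0.5.1 fix): the 32-bit count is checked against a cap and against the bytes actually present before the slice is allocated. The names parseSettingsPayload, Setting and ErrSettingsCount, and the maxSettingsEntries limit, are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Setting is one SPDY/3 SETTINGS entry: 8-bit flags, 24-bit ID, 32-bit value.
type Setting struct {
	Flags uint8
	ID    uint32
	Value uint32
}

const (
	settingEntrySize   = 8  // bytes per entry on the wire
	maxSettingsEntries = 64 // hypothetical policy cap, not a value taken from spdystream
)

var ErrSettingsCount = errors.New("settings: entry count exceeds limit or frame length")

// parseSettingsPayload parses the body of a SETTINGS control frame, i.e. the
// bytes that follow the 8-byte control frame header.
func parseSettingsPayload(payload []byte) ([]Setting, error) {
	if len(payload) < 4 {
		return nil, errors.New("settings: payload shorter than count field")
	}
	count := binary.BigEndian.Uint32(payload[:4]) // peer-controlled
	body := payload[4:]
	// Validate before allocating: enforce the cap and require the count to
	// match the bytes received, so the count alone never sizes the slice.
	if count > maxSettingsEntries || uint64(count)*settingEntrySize != uint64(len(body)) {
		return nil, ErrSettingsCount
	}
	out := make([]Setting, count)
	for i := range out {
		e := body[i*settingEntrySize:]
		word := binary.BigEndian.Uint32(e[:4])
		out[i] = Setting{Flags: uint8(word >> 24), ID: word & 0xffffff,
			Value: binary.BigEndian.Uint32(e[4:8])}
	}
	return out, nil
}

func main() {
	// Constructed samples: a well-formed single entry, then a count field
	// that claims far more entries than the payload carries.
	fmt.Println(parseSettingsPayload([]byte{0, 0, 0, 1, 0, 0, 0, 4, 0, 0, 0, 100}))
	fmt.Println(parseSettingsPayload([]byte{0x7f, 0xff, 0xff, 0xff}))
}
```

The same pattern (cap, then compare against bytes remaining) applies to the header count and per-field lengths, where the comparison should be made against the decompressed data consumed so far rather than the compressed frame size.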

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-AH59738
CLEANSTART-2026-AY53560
CLEANSTART-2026-BS27946
CLEANSTART-2026-DK45320
CLEANSTART-2026-DN20646
CLEANSTART-2026-DN70218
CLEANSTART-2026-DT92404
CLEANSTART-2026-GR41888
CLEANSTART-2026-GZ35045
CLEANSTART-2026-HI64288
CLEANSTART-2026-IP78312
CLEANSTART-2026-JC64695
CLEANSTART-2026-JO51351
CLEANSTART-2026-JV26120
CLEANSTART-2026-LT10352
CLEANSTART-2026-LU21824
CLEANSTART-2026-ML42911
CLEANSTART-2026-NT80635
CLEANSTART-2026-OD47693
CLEANSTART-2026-OX51942
CLEANSTART-2026-QO29688
CLEANSTART-2026-QX43073
CLEANSTART-2026-TH33219
CLEANSTART-2026-TT42218
CLEANSTART-2026-UJ59341
CLEANSTART-2026-UW03847
CLEANSTART-2026-UX07516
CLEANSTART-2026-VN02574
CLEANSTART-2026-WL14185
CVE-2026-35469
GHSA-PC3F-X583-G7J2
GO-2026-4958
OESA-2026-2162

Affected Products

Spdystream