VYPR

apk package

chainguard/kcp-0.29-compat

pkg:apk/chainguard/kcp-0.29-compat

Vulnerabilities (2)

  • CVE-2026-42504HigJun 2, 2026
    affected < 0.29.3-r2fixed 0.29.3-r2

    Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

  • CVE-2026-39821CriMay 22, 2026
    affected < 0.29.3-r2fixed 0.29.3-r2

    The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in program