VYPR

Cowlib

by Ninenines

hex: cowlib

Source repositories

CVEs (5)

  • CVE-2026-43970HigMay 13, 2026
    risk 0.46cvss epss 0.01

    Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output…

  • CVE-2026-7790HigMay 11, 2026
    risk 0.42cvss 7.5epss 0.00

    Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication…

  • CVE-2026-43966MedJun 8, 2026
    risk 0.34cvss epss 0.00

    Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow_http_struct_hd:escape_string/2 in cowlib only escapes \ and…

  • CVE-2026-43968MedMay 11, 2026
    risk 0.19cvss 4.0epss 0.00

    Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal…

  • CVE-2026-43969LowMay 11, 2026
    risk 0.14cvss 3.2epss 0.00

    Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list…