CVE-2026-35469

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-35469

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-35469.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2026-35469

Aliases

GHSA-pc3f-x583-g7j2

Downstream

BELL-CVE-2026-35469

CLEANSTART-2026-DN20646

DEBIAN-CVE-2026-35469

MINI-24h3-xc58-4q2g

MINI-27g5-vjcj-g8r7

MINI-2cp2-vjhc-x5f3

MINI-2hv6-2px8-982q

MINI-343j-7vr2-3298

MINI-3745-j6ww-8h89

MINI-3hmq-pgvq-5r3f

MINI-3vv7-2cw8-c3mh

MINI-42gr-7q29-qxwj

MINI-4fx2-gc5q-8q2f

MINI-4jjx-pfgg-9mhr

MINI-4jpp-grv3-hjc8

MINI-4p36-p7cw-hf6p

MINI-54qv-rj3m-75wm

MINI-564m-hx4w-5pqh

MINI-58vc-r9w4-v596

MINI-5c62-2jg7-w98w

MINI-5f69-m3x2-jx35

MINI-5fwc-v6h3-8f22

MINI-5jc6-4pvq-9rg2

MINI-5qh5-mg9m-xxg8

MINI-5qmc-wwg8-39q8

MINI-5rjg-vq92-4p85

MINI-693c-85q8-37hf

MINI-69p7-fwqv-jqpg

MINI-6jq2-f9r2-6hvg

MINI-6mc6-4v46-74h9

MINI-6p2p-gwx7-ghgh

MINI-6phw-c5f8-4548

MINI-7838-vpfj-29rh

MINI-79f9-mchx-cg6j

MINI-7gw5-j76f-pwwr

MINI-7jf7-2c4p-qrg9

MINI-7m25-3m5v-qfww

MINI-7p2f-4hq8-6rcq

MINI-7vxh-fx3m-4qrj

MINI-84mp-668x-jmgg

MINI-8c4h-988h-f9p6

MINI-8f73-8qhw-c5f5

MINI-8g62-f24w-mj8q

MINI-8hv2-2cqw-95j4

MINI-8xwg-5gwv-4vm2

MINI-92vg-fjj2-3pvv

MINI-9f76-25j3-vwwr

MINI-9gqm-wc76-547p

MINI-9h5w-mrf8-59pf

MINI-9wmc-75f4-m424

MINI-c2wq-3xfc-gch3

MINI-c72c-vgv5-826p

MINI-cc3f-2956-4cf5

MINI-cfcj-wrjf-3pw6

MINI-cp2j-8jc4-c2m2

MINI-f7hg-6wv2-q5qh

MINI-f94m-782v-76qh

MINI-fc99-qcg4-hqfv

MINI-ffrr-5hx7-94x8

MINI-fhv5-5g93-p9f5

MINI-fm4w-c3p5-gqcj

MINI-fp6f-cm77-8jxv

MINI-fr9p-8wqg-hvhq

MINI-g7vh-m6w5-733r

MINI-g892-3jv5-6q5r

MINI-g8c4-xf8p-3r5g

MINI-gch7-hrcg-8wcf

MINI-ggp9-f74g-22w2

MINI-gh7q-wgpg-vrgf

MINI-gq3r-hmr2-qggm

MINI-h47p-25f5-c533

MINI-h573-h3xr-gf7f

MINI-h5j7-37p3-c97r

MINI-h6r2-923x-h9fc

MINI-hpgj-h5g6-gx86

MINI-j5c3-vjmg-pr3w

MINI-j5w3-6rp5-pqxr

MINI-j8cx-25pc-x33v

MINI-j9jc-65wf-q79j

MINI-jh3v-f8q2-pm57

MINI-jhc9-q2wf-9mq8

MINI-jhgr-c3v9-4qh5

MINI-jjc8-62qr-2cw5

MINI-jjc9-m7c4-p47x

MINI-jp52-65rq-68c6

MINI-jwmw-7m6v-gr9q

MINI-m386-83ff-p2g7

MINI-m832-276p-cpq4

MINI-m845-mpmc-6f48

MINI-mc2m-q9c5-85xq

MINI-mc8p-7c94-6prg

MINI-mp9w-vqqp-v5xf

MINI-mvfx-pmq6-36qf

MINI-mvgp-xwrx-jp3g

MINI-mxf7-jh32-cq22

MINI-p25q-pf8p-37xg

MINI-p2rw-cpmj-w4fp

MINI-pfc8-92f6-x2rv

MINI-pmg7-9m59-83j3

MINI-pmvw-9fpx-g69q

MINI-pv2p-c7rq-254f

MINI-q26v-2xh4-mm3h

MINI-q3f4-h2hm-gq66

MINI-q8gf-67rc-p66c

MINI-qg3g-6mx2-j9m6

MINI-qp22-c236-vcv4

MINI-qpc2-xprm-39w8

MINI-qpr5-xfr9-x64x

MINI-qw6w-5w6c-qhch

MINI-r5hg-qv85-qvq9

MINI-r78p-684r-3xmx

MINI-r9mp-v348-v7gr

MINI-rgff-5ggf-jhc4

MINI-rrrp-px69-x9j9

MINI-rv94-wrxv-34mw

MINI-v479-9v36-mm43

MINI-v4w4-7rqf-hp35

MINI-v5j3-hr5p-rgrx

MINI-v67c-7q9r-g8q4

MINI-v97r-4j9r-7m2g

MINI-vqrr-4864-c2c3

MINI-vxhm-wqcr-c8qr

MINI-w7mp-g7jp-3qg8

MINI-w8q2-rhp6-586q

MINI-w9mh-vj3h-jp5f

MINI-wcg3-x7vf-mg95

MINI-wgcw-f2x6-xf89

MINI-wjfc-rm7q-6gf8

MINI-wm5w-27v3-v8wg

MINI-wrf8-mq4f-mf9f

MINI-wv35-8wvq-765c

MINI-x365-9387-22g2

MINI-x39w-2xvw-9735

MINI-x52r-38mg-6hv6

MINI-xg2c-m7r7-vpv4

MINI-xq45-xv8f-hwjq

MINI-xrrv-7gfh-cw7p

MINI-xw32-75wj-23xw

MINI-xw9q-jwc3-9gpx

ROOT-APP-GOBINARY-CVE-2026-35469

UBUNTU-CVE-2026-35469

Related

CGA-v7gj-rrxh-8985

Published

2026-04-16T21:19:23.516Z

Modified

2026-04-18T04:19:15.166213Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

SpdyStream: DOS on CRI

Details

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes — all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1.

Database specific

{
    "cwe_ids": [
        "CWE-770"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/35xxx/CVE-2026-35469.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/moby/spdystream

Affected ranges

Type

GIT

Repo

https://github.com/moby/spdystream

Events

Introduced

Fixed

c59e5d73daa301bde452ea77545bdf51e32554a2

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.5.1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v0.*

v0.1.0

v0.2.0

v0.3.0

v0.4.0

v0.5.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-35469.json"