CVE-2026-8466— Cowboy 安全漏洞

Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound check. When cow_multipart:parse_headers/2 returns more or {more, Buffer2}, the function reads up to Length bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the byte_size(Acc) > Length guard present in the sibling function read_part_body/4. An unauthenticated attacker can send a multipart/form-data request whose body never yields a complete header section — for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \r\n\r\n — and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory. This issue affects cowboy from 2.0.0 before 2.15.0.

N/A

不加限制或调节的资源分配

Cowboy 安全漏洞

Cowboy是Nine Nines开源的一款基于Erlang/OTP的轻量高性能HTTP服务器。 Cowboy 2.0.0版本至2.15.0之前版本存在安全漏洞，该漏洞源于多部分标头解析中无限制的缓冲区累积，可能导致未经身份验证的攻击者通过发送不完整的多部分请求耗尽BEAM内存，造成拒绝服务。

N/A

N/A