THREAT OPS › Threat News › [NVD] CVE-2026-35469 (MEDIUM 6.5) — spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count,
[NVD] CVE-2026-35469 (MEDIUM 6.5) — spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count,
CVE-2026-35469 CVSS: 6.5 MEDIUM Published: 2026-04-16T22:16:37.920
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and indiv
Indicators of compromise
- CVE-2026-35469cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-35469