THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-35469 (MEDIUM 6.5) — spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count,

[NVD] CVE-2026-35469 (MEDIUM 6.5) — spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count,

lownvdPublished 2026-04-16

CVE-2026-35469 CVSS: 6.5 MEDIUM Published: 2026-04-16T22:16:37.920

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and indiv

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-35469