CVE-2026-33241

Published: Mar 24, 2026 Last Modified: Mar 24, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely large payloads, leading to service crashes and denial of service. Version 0.89.3 contains a patch.

770

Allocation of Resources Without Limits or Throttling

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability

Potential Impacts:

Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://github.com/salvo-rs/salvo/releases/tag/v0.89.3

https://github.com/salvo-rs/salvo/security/advisories/GHSA-…

https://github.com/salvo-rs/salvo/security/advisories/GHSA-pp9r-xg4c-8j4x

CVE-2026-33241

Description

Allocation of Resources Without Limits or Throttling

Common Consequences

Applicable Platforms

Iscriviti alla newsletter