CVE-2026-7790: CWE-400 Uncontrolled Resource Consumption in ninenines cowlib
CVE-2026-7790 is a high-severity uncontrolled resource consumption vulnerability in the ninenines cowlib HTTP library, specifically in the chunked transfer-encoding parser. The parser accepts an unbounded number of hex digits in the chunk-size field, causing quadratic CPU and linear memory usage, which can escalate to cubic CPU usage when input is drip-fed. An unauthenticated remote attacker can exploit this by sending a crafted HTTP/1. 1 request with a very long chunk-size hex string, leading to denial of service through CPU exhaustion and memory amplification. This affects cowlib versions from 0. 6. 0 before 2. 16. 1. No official patch or remediation guidance is currently provided by the vendor.
AI Analysis
Technical Summary
The vulnerability in ninenines cowlib's cow_http_te module arises from its chunked transfer-encoding parser accepting an unbounded length of hex digits in the chunk-size field. Each hex digit triggers a bignum multiplication, resulting in O(N²) CPU complexity and O(N) memory usage for N digits. When the input is drip-fed, the parser restarts length calculation on each partial read, increasing CPU complexity to O(N³). This flaw allows an unauthenticated remote attacker to send an HTTP/1.1 request with Transfer-Encoding: chunked and an excessively long chunk-size hex string to cause denial of service by exhausting CPU and memory resources. The affected versions include cowlib from 0.6.0 up to but not including 2.16.1. The vulnerability is tracked as CWE-400 (Uncontrolled Resource Consumption). No patch or official remediation level is currently documented.
Potential Impact
Successful exploitation results in denial of service due to excessive CPU consumption and memory amplification on the affected server running vulnerable cowlib versions. The attack requires no authentication and can be triggered remotely via crafted HTTP requests, potentially disrupting service availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider implementing network-level protections such as rate limiting or filtering suspicious HTTP chunked requests to mitigate potential exploitation. Monitor for unusual CPU and memory usage patterns indicative of this attack vector.
CVE-2026-7790: CWE-400 Uncontrolled Resource Consumption in ninenines cowlib
Description
CVE-2026-7790 is a high-severity uncontrolled resource consumption vulnerability in the ninenines cowlib HTTP library, specifically in the chunked transfer-encoding parser. The parser accepts an unbounded number of hex digits in the chunk-size field, causing quadratic CPU and linear memory usage, which can escalate to cubic CPU usage when input is drip-fed. An unauthenticated remote attacker can exploit this by sending a crafted HTTP/1. 1 request with a very long chunk-size hex string, leading to denial of service through CPU exhaustion and memory amplification. This affects cowlib versions from 0. 6. 0 before 2. 16. 1. No official patch or remediation guidance is currently provided by the vendor.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in ninenines cowlib's cow_http_te module arises from its chunked transfer-encoding parser accepting an unbounded length of hex digits in the chunk-size field. Each hex digit triggers a bignum multiplication, resulting in O(N²) CPU complexity and O(N) memory usage for N digits. When the input is drip-fed, the parser restarts length calculation on each partial read, increasing CPU complexity to O(N³). This flaw allows an unauthenticated remote attacker to send an HTTP/1.1 request with Transfer-Encoding: chunked and an excessively long chunk-size hex string to cause denial of service by exhausting CPU and memory resources. The affected versions include cowlib from 0.6.0 up to but not including 2.16.1. The vulnerability is tracked as CWE-400 (Uncontrolled Resource Consumption). No patch or official remediation level is currently documented.
Potential Impact
Successful exploitation results in denial of service due to excessive CPU consumption and memory amplification on the affected server running vulnerable cowlib versions. The attack requires no authentication and can be triggered remotely via crafted HTTP requests, potentially disrupting service availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider implementing network-level protections such as rate limiting or filtering suspicious HTTP chunked requests to mitigate potential exploitation. Monitor for unusual CPU and memory usage patterns indicative of this attack vector.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- EEF
- Date Reserved
- 2026-05-04T18:23:21.380Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a022c3bcbff5d86104f7dbe
Added to database: 5/11/2026, 7:21:31 PM
Last enriched: 5/11/2026, 7:36:25 PM
Last updated: 5/11/2026, 8:23:51 PM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.