Description

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.

INFO

Published Date :

2026-04-09T14:43:55.684Z

Last Modified :

2026-04-09T14:43:55.684Z

Source :

certcc
AFFECTED PRODUCTS

The following products are affected by CVE-2026-5440 vulnerability.

Vendors Products
Orthanc
  • Dicom Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5440.

URL Resource
https://kb.cert.org/vuls/id/536588 cve-icon cve-icon
https://www.machinespirits.de/ cve-icon cve-icon
https://www.orthanc-server.com/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System