EUVD-2026-12095
GHSA-vxx9-2994-q338
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Lifecycle Timeline
4Description
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validation completes. When validation fails, the temporary stream is dropped and cleanup may call remove(...).expect("stream not found"), triggering a panic in the connection state machine. This is remotely reachable over a normal Yamux session and does not require authentication. This vulnerability is fixed in 0.13.10.
Analysis
Rust Yamux prior to version 0.13.10 is vulnerable to denial of service when processing specially crafted inbound stream frames that combine the SYN flag with oversized body lengths, causing the connection handler to panic due to improper state cleanup. An unauthenticated remote attacker can trigger this panic over any normal Yamux session without special privileges, crashing affected applications. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems and applications using Yamux library and document current versions. Within 7 days: Prioritize affected systems and establish a staging environment to test upgrade to Yamux 0.13.10 once available; implement network segmentation to restrict Yamux traffic to trusted sources only. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today