Back
Low · CVSS 3.7Denial of Service (CWE-400)

DoS via Unbounded Memory Allocation in sendWebStream on Fastify v5.7.0+ leads to OOM crash when backpressure is ignored

hackerone-reports
hackerone-reports
March 6, 2026
1
€0

Vulnerability Summary

HackerOne disclosed report --> https://hackerone.com/reports/3524779 by onlybugs05

Denial of Service (DoS) via Unbounded Memory Allocation in sendWebStream (Backpressure Ignored)

Weakness

Identification Required

You must be logged in to read this writeup. Join our community of researchers today.

Sign InRegister

Discussion

No comments yet. Be the first to share your thoughts.

Log in to join the discussion.

Sign In