NRDAX
Submit

← registry

NRDAX-T0106 - Header-Length Preallocation OOM

memory_amp · active · first seen 2026-07-01

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

CVE-2015-3641: header length field pre-allocates the receive buffer before the body → per-connection OOM

instances (6)

chainprimitivefidelityoriginreproducer (bundle)source
bitcoin btc_oversized_recv_buffer lab reverse-engineered-cve btc_oversized_recv_buffer bitcoincore.org ↗
monero monero_portable_storage_oom lab reverse-engineered-cve monero_portable_storage_oom github.com ↗
zcash zcash_zebra_addr_vector_preallocation_amplification lab reverse-engineered-cve zcash_zebra_addr_vector_preallocation_amplification https://github.com/advisories/GHSA-xr93-pcq3-pxf8 ↗
zcash zcash_zebra_coinbase_script_preallocation_amplification lab reverse-engineered-cve zcash_zebra_coinbase_script_preallocation_amplification https://nvd.nist.gov/vuln/detail/CVE-2026-44500 ↗
zcash zcash_zebra_equihash_solution_preallocation_amplification lab reverse-engineered-cve zcash_zebra_equihash_solution_preallocation_amplification https://nvd.nist.gov/vuln/detail/CVE-2026-44500 ↗
zcash zcash_zebra_headers_message_preallocation_amplification lab reverse-engineered-cve zcash_zebra_headers_message_preallocation_amplification https://nvd.nist.gov/vuln/detail/CVE-2026-44500 ↗

related (memory_amp)

cite

https://nrdax.com/techniques/NRDAX-T0106

plain

NRDAX Registry. Technique NRDAX-T0106.

bibtex
@misc{nrdax_NRDAX_T0106,
  title = {Header-Length Preallocation OOM (NRDAX-T0106)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0106},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0106",
  "type": "dataset",
  "title": "Header-Length Preallocation OOM (NRDAX-T0106)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0106",
  "publisher": "NRDAX Registry"
}