4671 matches found

OSV
added 2024/04/04 9:15 p.m. · 2 views

AZL-39484 CVE-2023-45288 affecting package etcd for versions less than 3.5.12-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 6.8 · EPSS 0.64852
Exploits 1 · References 1
OSV
added 2024/04/04 3:15 p.m. · 5 views

DEBIAN-CVE-2024-28182

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 · AI score 6.9 · EPSS 0.24971
Exploits 1 · References 1
OSV
added 2024/04/04 3:15 p.m. · 1 views

AZL-39460 CVE-2024-28182 affecting package nghttp2 for versions less than 1.57.0-2

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 · AI score 6.9 · EPSS 0.24971
Exploits 1 · References 1
OSV
added 2024/04/04 3:15 p.m. · 3 views

UBUNTU-CVE-2024-28182

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 · AI score 6.8 · EPSS 0.24971
Exploits 1 · References 6
NVD
added 2024/04/02 3:15 a.m. · 7 views

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

CVSS 7.8 · AI score 6 · EPSS 0.00083
Exploits 0 · References 1
OSV
added 2024/04/02 3:15 a.m. · 2 views

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

CVSS 7.8 · AI score 6
Exploits 0 · References 1
CVE
added 2024/04/02 2:59 a.m. · 54 views

CVE-2024-20846

CVE-2024-20846 describes an out-of-bounds write vulnerability in the libsavsac.so module when decoding hcr. A local attacker could potentially execute arbitrary code due to this flaw in versions prior to SMR Apr-2024 Release 1. A remediation is to update to SMR Apr-2024 Release 1 or later; a temp...

CVSS 7.8 · AI score 7.3 · EPSS 0.00083
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/04/02 2:59 a.m. · 11 views

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

CVSS 5.9 · AI score 6.3 · EPSS 0.00083
Exploits 0 · References 1
Positive Technologies
added 2024/04/02 12:0 a.m. · 2 views

PT-2024-18755 · Unknown · Libsavsac.So

Name of the Vulnerable Software and Affected Versions: libsavsac.so versions prior to SMR Apr-2024 Release 1 Description: The issue is related to an out-of-bounds write vulnerability while decoding hcr of libsavsac.so. This allows a local attacker to execute arbitrary code. Recommendations: For...

CVSS 7.8 · AI score 7.7 · EPSS 0.00083
Exploits 0 · References 3
NVD
added 2024/04/01 3:15 p.m. · 8 views

CVE-2024-21453

Transient DOS while decoding message of size that exceeds the available system memory...

CVSS 7.5 · AI score 7.6 · EPSS 0.00124
Exploits 0 · References 1
NVD
added 2024/04/01 3:15 p.m. · 7 views

CVE-2024-21452

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions...

CVSS 7.5 · AI score 7.2 · EPSS 0.00072
Exploits 0 · References 1
CVE
added 2024/04/01 3:6 p.m. · 69 views

CVE-2024-21454

Vulnerability CVE-2024-21454 affects Automotive Telematics and is described as a transient Denial of Service during decoding of the ToBeSignedMessage. The CVE record notes an underlying issue described as an Integer Overflow to Buffer Overflow in Automotive Telematics. The CVSS score is 7.5 (HIGH...

CVSS 7.5 · AI score 7.5 · EPSS 0.00123
Exploits 0 · References 1 · Affected Software 1
CVE
added 2024/04/01 3:6 p.m. · 76 views

CVE-2024-21453

CVE-2024-21453: Affects Qualcomm chipsets; a vulnerability in the message decoding path where decoding a message larger than available system memory can cause a transient Denial of Service. The entry cites a network-based attack vector with no user interaction and high impact on availability. Pub...

CVSS 7.5 · AI score 7.6 · EPSS 0.00124
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/04/01 3:6 p.m. · 13 views

CVE-2024-21453 Improper Input Validation in Automotive Telematics

Transient DOS while decoding message of size that exceeds the available system memory...

CVSS 7.5 · AI score 7.8 · EPSS 0.00124
Exploits 0 · References 1
CNNVD
added 2024/04/01 12:0 a.m. · 1 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a denial of service when decoding messages whose size exceeds the available system memory...

CVSS 7.5 · AI score 6.7 · EPSS 0.00124
Exploits 0 · References 2
Positive Technologies
added 2024/04/01 12:0 a.m. · 2 views

PT-2024-18879 · Unknown · Automotive Telematics

Name of the Vulnerable Software and Affected Versions: Automotive Telematics affected versions not specified Description: The issue is related to a transient Denial of Service (DOS) that occurs while decoding the ToBeSignedMessage in Automotive Telematics. Recommendations: At the moment, there is n...

CVSS 7.5 · AI score 6.8 · EPSS 0.00123
Exploits 0 · References 5
Positive Technologies
added 2024/04/01 12:0 a.m. · 2 views

PT-2024-18878 · Qualcomm · Snapdragon +26

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a transient Denial of Service (DOS) that occurs when decoding a message of a size that exceeds the available system memory...

CVSS 7.5 · AI score 6.8 · EPSS 0.00124
Exploits 0 · References 5
RedHat Linux
added 2024/03/26 12:18 p.m. · 1 views

squid: Denial of Service in HTTP Chunked Decoding

A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service...

CVSS 8.6 · AI score 5.8 · EPSS 0.03051
Exploits 0 · References 6
RedHat Linux
added 2024/03/26 12:18 p.m. · 39 views

Important: Red Hat Security Advisory: squid security and bug fix update

An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 8.6 · AI score 7.3 · EPSS 0.03051
Exploits 0 · References 2
RedHat Linux
added 2024/03/25 5:8 p.m. · 3 views

squid: Denial of Service in HTTP Chunked Decoding

A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service...

CVSS 8.6 · AI score 5.8 · EPSS 0.03051
Exploits 0 · References 6