
25 matches found

Github Security Blog
added 2026/05/07 3:52 a.m. | 11 views

Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion

Summary: Bandit's HTTP/2 parser checks frame size after it has already buffered the full body, instead of when it sees the 9-byte header. A peer can announce a 16 MiB frame on a connection that agreed to 16 KiB frames and the server will silently buffer up to 1024× the agreed budget per connection...

CVSS 6.9 | AI score 5.9 | EPSS 0.0051
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2026/05/01 8:34 p.m. | 6 views

CVE-2026-42788 HTTP/2 frame size limit checked after body is buffered in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGS_MAX_FRAME_SIZE limit only after pattern-matching...

CVSS 6.9 | AI score 5.9 | EPSS 0.0051
Exploits: 0 | References: 4

SUSE CVE
added 2025/12/25 12:54 a.m. | 3 views

SUSE CVE-2023-54155

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...

CVSS 5.5 | AI score 6.3 | EPSS 0.00168
Exploits: 0 | References: 17

EUVD
added 2025/12/24 3:30 p.m. | 3 views

EUVD-2023-60290

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...

AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 5

NVD
added 2025/12/24 1:16 p.m. | 5 views

CVE-2023-54155

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...

EPSS 0.00168
Exploits: 0 | References: 4

OSV
added 2025/12/24 1:16 p.m. | 3 views

UBUNTU-CVE-2023-54155

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 6

UbuntuCve
added 2025/12/24 1:16 p.m. | 4 views

CVE-2023-54155

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 5

OSV
added 2025/12/24 1:07 p.m. | 3 views

CVE-2023-54155 net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...

AI score 6.2 | EPSS 0.00168
Exploits: 0 | References: 7

CVE
added 2025/12/24 1:07 p.m. | 13 views

CVE-2023-54155

The CVE relates to the Linux kernel net/xdp path. Root cause: a previous check enforcing xdp.frame_sz > PAGE_SIZE was removed in the context of allowing bpf_xdp_adjust_tail() to grow packet size, after xdp_init_buff() was introduced. This can allow excessive frame sizes (e.g., xdp->frame_sz...

AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 4

Cvelist
added 2025/12/24 1:07 p.m. | 24 views

CVE-2023-54155 net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...

EPSS 0.00168
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/24 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-54155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG...

AI score 7 | EPSS 0.00168
Exploits: 0 | References: 3

CNNVD
added 2025/12/24 12:00 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unnecessary frame size check that could result in a kernel warning...

AI score 6.2 | EPSS 0.00168
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/12 8:15 a.m. | 4 views

kernel: wifi: mac80211: check S1G action frame size

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame...

CVSS 7.8 | AI score 6.8 | EPSS 0.00144
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/07 12:00 a.m. | 7 views

AlmaLinux 8 : kernel-rt (ALSA-2025:19440)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19440 advisory. kernel: wifi: mac80211: check S1G action frame size CVE-2023-53257 kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226...

CVSS 7.8 | AI score 7 | EPSS 0.00152
Exploits: 0 | References: 5

OSV
added 2025/11/03 12:00 a.m. | 7 views

ALSA-2025:19447 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: wifi: mac80211: check S1G action frame size CVE-2023-53257 kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226 kernel: wifi: cfg80211: fix use-after-free i...

CVSS 7.8 | AI score 5.1 | EPSS 0.00152
Exploits: 0 | References: 8

NVD
added 2025/09/15 3:15 p.m. | 4 views

CVE-2023-53257

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame...

CVSS 7.8 | EPSS 0.00144
Exploits: 0 | References: 4

OSV
added 2025/09/15 3:15 p.m. | 4 views

DEBIAN-CVE-2023-53257

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame...

CVSS 7.8 | AI score 6.2 | EPSS 0.00144
Exploits: 0 | References: 1

Cvelist
added 2025/09/15 2:46 p.m. | 13 views

CVE-2023-53257 wifi: mac80211: check S1G action frame size

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame...

EPSS 0.00144
Exploits: 0 | References: 4

CNNVD
added 2025/09/15 12:00 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check the S1G operation frame size, which could result in a null pointer dereference...

CVSS 7.8 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 5

OpenVAS
added 2024/03/04 12:00 a.m. | 8 views

openSUSE: Security Advisory for gstreamer (SUSE-SU-2023:3801-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.7 | EPSS 0.05372
Exploits: 0 | References: 2