88 matches found

CNNVD
added 2023/02/28 12:0 a.m. | 3 views

Google Golang Security Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...

CVSS 7.5 | AI score 6.9 | EPSS 0.04561
Exploits 0 | References 35
Veracode
added 2023/02/26 12:22 p.m. | 37 views

Denial Of Service (DoS)

github.com/golang/net is vulnerable to Denial of Service (DoS) attacks. An attacker is able to cause excessive CPU consumption through the HPACK decoder via a small number of maliciously crafted HTTP/2 stream requests, resulting in an application crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.04561
Exploits 0 | References 18 | Affected Software 2
Github Security Blog
added 2023/02/17 2:0 p.m. | 75 views

golang.org/x/net vulnerable to Uncontrolled Resource Consumption

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 7.4 | EPSS 0.04561
Exploits 0 | References 17 | Affected Software 1
GitLab Advisory Database
added 2023/02/17 12:0 a.m. | 47 views

Uncontrolled Resource Consumption

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 2.2 | EPSS 0.04561
Exploits 0 | References 6 | Affected Software 1
OSV
added 2023/02/16 10:31 p.m. | 48 views

GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 7.6 | EPSS 0.04561
Exploits 0 | References 4
SUSE CVE
added 2023/02/16 3:3 a.m. | 3 views

SUSE CVE-2022-41723

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 6.7 | EPSS 0.04561
Exploits 0 | References 33
SUSE CVE
added 2023/02/15 4:25 a.m. | 5 views

SUSE CVE-2018-14645

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx resulted in a remote crash and denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.03009
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 3:59 a.m. | 2 views

SUSE CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

CVSS 8.8 | AI score 7.9 | EPSS 0.60727
Exploits 0 | References 6
RedhatCVE
added 2022/01/13 6:33 a.m. | 45 views

CVE-2018-14645

A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx resulted in a remote crash and denial of service. Mitigation: HTTP/2 support is disabled by default on OpenShift Container Platform 3.11. To mitigate this...

CVSS 7.5 | AI score 1.2 | EPSS 0.03009
Exploits 0 | References 2
CNVD
added 2020/04/03 12:0 a.m. | 1 views

HAProxy Buffer Overflow Vulnerability

HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. The server provides layer-4 and layer-7 proxying and can support tens of thousands of connections, with high efficiency, stability and other characteristics. A security vulnerability exists in the...

CVSS 8.8 | AI score 7.8 | EPSS 0.60727
Exploits 0
Tenable Nessus
added 2020/04/03 12:0 a.m. | 18 views

FreeBSD : HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2 (7f829d44-7509-11ea-b47c-589cfc0f81b0)

The HAproxy Project reports: The main driver for this release is that it contains a fix for a serious vulnerability that was responsibly reported last week by Felix Wilhelm from Google Project Zero, affecting the HPACK decoder used for HTTP/2. CVE-2020-11100 was assigned to this issue. C Tenable...

CVSS 8.8 | AI score 7 | EPSS 0.60727
Exploits 0 | References 6
OSV
added 2020/04/02 3:15 p.m. | 29 views

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

CVSS 8.8 | AI score 4.8
Exploits 0 | References 14
Prion
added 2020/04/02 3:15 p.m. | 19 views

Remote code execution

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

CVSS 6.5 | AI score 8.7 | EPSS 0.60727
Exploits 0 | References 14 | Affected Software 6
EUVD
added 2020/04/02 2:23 p.m. | 3 views

EUVD-2020-3458

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

CVSS 8.8 | AI score 7.7 | EPSS 0.60727
Exploits 0 | References 24
CVE
added 2020/04/02 2:23 p.m. | 298 views

CVE-2020-11100

HAProxy CVE-2020-11100 involves an out-of-bounds write in the HPACK decoder (hpack_dht_insert in hpack-tbl.c) that could allow a remote attacker to execute code via a crafted HTTP/2 request. Amazon Linux 2 advisory ALAS2HAPROXY2-2023-006 confirms the fix in haproxy2 2.1.4-1 (haproxy2 package)...

CVSS 8.8 | AI score 8.7 | EPSS 0.60727
Exploits 0 | References 14 | Affected Software 1
Cvelist
added 2020/04/02 2:23 p.m. | 27 views

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

AI score 8.8 | EPSS 0.60727
Exploits 0 | References 14
AlpineLinux
added 2020/04/02 2:23 p.m. | 42 views

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

CVSS 8.8 | AI score 9 | EPSS 0.60727
Exploits 0
ATTACKERKB
added 2020/04/02 12:0 a.m. | 28 views

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Recent assessments: 3dcyber at April 23, 2020 1:18...

CVSS 8.8 | AI score 1.6 | EPSS 0.60727
Exploits 0 | References 19
Veracode
added 2019/01/15 9:26 a.m. | 30 views

Denial Of Service (DoS)

haproxy is vulnerable to denial of service. An out-of-bounds read in the hpack_valid_idx function in the HPACK decoder used for HTTP/2 allows a remote attacker to crash the service...

CVSS 7.5 | AI score 7.2 | EPSS 0.03009
Exploits 0 | References 6 | Affected Software 16
RedHat Linux
added 2019/01/10 8:55 a.m. | 3 views

haproxy: Out-of-bounds read in HPACK decoder

A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx resulted in a remote crash and denial of service...

CVSS 7.5 | AI score 7.2 | EPSS 0.03009
Exploits 0 | References 5