12 matches found
CVE-2025-20360
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are...
EUVD-2025-34665
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer...
CVE-2025-20360 Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are...
CVE-2025-20359 Multiple Cisco Products Snort 3 MIME Information Disclosure or Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer...
CVE-2025-20359
CVE-2025-20359 affects multiple Cisco products via the Snort 3 HTTP Decoder/MIME handling. The root cause is a buffer under-read caused by flawed parsing of HTTP header MIME fields, which can be triggered by crafted HTTP packets processed by Snort 3. Potential outcomes verified in the sources inc...
CVE-2025-20359 Multiple Cisco Products Snort 3 MIME Information Disclosure or Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer...
Multiple Cisco Products Snort 3 MIME DoS Vulnerabilities (cisco-sa-snort3-mime-vulns-tTL8PgVH_CVE-2025-20359)
According to its self-reported version, Cisco ASA Software is affected by a vulnerability. - Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Sno...
PT-2025-42382
Name of the Vulnerable Software and Affected Versions Cisco Snort 3 affected versions not specified Description A flaw exists in the Snort 3 HTTP Decoder that may allow a remote, unauthenticated attacker to disrupt service. The issue stems from insufficient error checking during the parsing of HT...
Cisco IOS XE Software 安全漏洞
Cisco IOS XE Software is a network operating system from Cisco. A security vulnerability exists in Cisco IOS XE Software that originates from a buffer handling logic error in the HTTP decoder when parsing the MIME field of the HTTP header, which could lead to a buffer under-read attack or sensiti...
netty-codec-http: Allocation of Resources Without Limits or Throttling
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
netty-codec-http: Allocation of Resources Without Limits or Throttling
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
PT-2022-37284 · Git +1 · Swiftnio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Invalid-free. It involves the NIOHTTP1.HTTPDecoder.didFinishHead function and a protocol witness for...