98 matches found
Google Golang Resource Management Error Vulnerability
Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...
AZL-34825 CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35038 CVE-2023-44487 affecting package node-problem-detector for versions less than 0.8.10-16
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31342 CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31299 CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-37404 CVE-2023-44487 affecting package golang for versions less than 1.21.6-1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35441 CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34819 CVE-2023-44487 affecting package jx for versions less than 3.2.236-13
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31312 CVE-2023-44487 affecting package influxdb for versions less than 2.6.1-11
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34568 CVE-2023-44487 affecting package blobfuse2 for versions less than 2.1.0-4
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31297 CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34997 CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31296 CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
gRPC Security Vulnerability
gRPC is a modern, open-source, high-performance Remote Procedure Call (RPC) framework from gRPC Open Source. A security vulnerability exists in gRPC, which stems from the ability to call abort functions via http2...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
DEBIAN-CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
SUSE CVE-2018-16843
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...
SUSE CVE-2019-9512
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...
http2-server: Invalid HTTP/2 requests cause DoS
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...
Containous Traefik Resource Management Error Vulnerability
Containous Traefik is a reverse proxy and load balancer from US-based Containous. A resource management error vulnerability exists in Containous Traefik versions prior to 2.8.8, 2.9.0-rc5 and prior to 2.9.0-rc5, which stems from a fatal error that can cause closed HTTP/2 server connections to han...