Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-012 (ALASNGINX1-2026-012)

The version of nginx installed on the remote host is prior to 1.30.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-012 advisory. When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof...

curl: HTTP/2 proxy CONNECT tunnel unbounded 1xx chain (missing Curl_bump_headersize cap in cf-h2-proxy.c)

A malicious HTTPS-on-HTTP/2 proxy can grow a libcurl client's resident set without bound during the CONNECT phase by streaming 1xx informational responses. The CVE-2023-38039 cap MAXHTTPRESPHEADERSIZE, 300 KiB, enforced through Curlbumpheadersize is not applied on the HTTP/2 proxy path. The HTTP/...

CVE-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

PT-2026-40677

Name of the Vulnerable Software and Affected Versions NGINX Open Source affected versions not specified Description When configured to proxy HTTP/2 traffic by setting proxy http version to 2 and utilizing proxy set body, an attacker can inject frame headers and payload bytes to the upstream peer...

Security Bulletin: gRPC HTTP/2 HPACK Desynchronization Vulnerability Allowing Header Leakage and Privilege Escalation, affects watsonx.data

Summary When gRPC encountered an exceeded header size error, it stopped parsing the remainder of the HPACK frame. This also prevented HPACK dynamic table updates from being processed, causing the sender and receiver HPACK tables to fall out of sync. In environments using an HTTP 2 proxy in front ...

grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend

A flaw was found in Google gRPC due to HPACK table poisoning between the proxy and backend so that other clients see failed requests, resulting in a denial of service. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent...

Security update for python-grpcio

This update for python-grpcio fixes the following issues: CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 Patch Instructions: To install this SUSE update use t...

DEBIAN-CVE-2024-7246

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the...

AZL-47442 CVE-2024-7246 affecting package grpc for versions less than 1.62.3-1

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the...

Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation via the HPackParser function when the gRPC client is communicating with an HTTP/2 proxy, allowing the attacker to poison the HPACK table. By manipulating the header encoding and poisoning the HPACK table...

Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation via the HPackParser function when the gRPC client is communicating with an HTTP/2 proxy, allowing the attacker to poison the HPACK table. By manipulating the header encoding and poisoning the HPACK table...