1259 matches found
OESA-2024-1387 ignition security update
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...
DEBIAN-CVE-2024-31309
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting proxy.config.http2.maxcontinuationframesperminute to limit the number of CONTINUATION frames...
ALPINE-CVE-2024-27983
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...
SUSE-SU-2024:1160-1 Security update for go1.22
This update for go1.22 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames bsc1221400 Other changes: - go minor release upgrade to 1.22.2 bsc1218424...
varnish: HTTP/2 Broken Window Attack may result in denial of service
A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the acti...
The vulnerability of the net/http and net/http2 libraries in the Go programming language is related to an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the net/http and net/http2 libraries in the Go programming language related to the implementation of the HTTP/2 protocol is related to an uncontrolled resource consumption due to incorrect determination of the end of headers during the processing of CONTINUATION frames...
The vulnerability of Tempesta web applications’ firewalls, related to unlimited resource distribution, allows attackers to cause service interruptions.
The vulnerability of Tempesta web applications’ firewalls, particularly in terms of implementing HTTP/2 protocols, is related to an uncontrolled resource consumption due to incorrect determination of the end of headers during the processing of CONTINUATION frames. Exploiting this vulnerability...
The vulnerability of the `node::http2::Http2Session::~Http2Session()` function in HTTP/2 server software for Node.js allows attackers to cause service failures.
The vulnerability of the node::http2::Http2Session::Http2Session function in HTTP/2 server-side software for Node.js is related to an uncontrolled resource consumption due to incorrect handling of header termination when processing CONTINUATION frames. Exploiting this vulnerability can allow a...
The vulnerability of the nghttp2 library, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the nghttp2 library in terms of the implementation of the HTTP/2 protocol is related to an uncontrolled resource consumption due to incorrect determination of the end of headers during the processing of CONTINUATION frames. Exploiting this vulnerability could allow a remote...
areq (=0.1.0-alpha), bws-web-server (>=0.1.0 <=0.1.1) +26 more potentially affected by unknown CVE via h2 (=0.4.14)
h2 CARGO version =0.4.14 is affected by a known vulnerability. The following packages have a transitive dependency on h2 and may be impacted: - areq =0.1.0-alpha - bws-web-server =0.1.0, =0.5.2, =0.1.0, =1.0.0, =1.5.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.6.0 and more Source cves: unknown CVE Sourc...
AZL-38395 CVE-2023-45288 affecting package containerd for versions less than 1.7.13-6
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39484 CVE-2023-45288 affecting package etcd for versions less than 3.5.12-2
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38542 CVE-2023-45288 affecting package moby-containerd-cc for versions less than 1.7.7-6
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38581 CVE-2023-45288 affecting package git-lfs for versions less than 3.6.1-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39625 CVE-2023-45288 affecting package kata-containers for versions less than 3.2.0.azl4-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39238 CVE-2023-45288 affecting package vitess for versions less than 16.0.2-8
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39154 CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38761 CVE-2023-45288 affecting package prometheus-adapter for versions less than 0.12.0-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38608 CVE-2023-45288 affecting package libcontainers-common for versions less than 20240213-2
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39514 CVE-2023-45288 affecting package telegraf for versions less than 1.29.4-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...