1259 matches found
GHSA-WGH7-54F2-X98R HTTP/2 HPACK integer overflow and buffer allocation
An integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. In MetaDataBuilder.java, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: public void...
USN-6427-1 dotnet6, dotnet7 vulnerability
It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service...
AZL-35350 CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31306 CVE-2023-44487 affecting package etcd for versions less than 3.5.6-11
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31331 CVE-2023-44487 affecting package multus for versions less than 3.8-12
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34837 CVE-2023-44487 affecting package keda for versions less than 2.4.0-14
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34686 CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31317 CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31299 CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31342 CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34825 CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35038 CVE-2023-44487 affecting package node-problem-detector for versions less than 0.8.10-16
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-37404 CVE-2023-44487 affecting package golang for versions less than 1.21.6-1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35282 CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35441 CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31336 CVE-2023-44487 affecting package node-problem-detector for versions less than 0.8.10-16
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34799 CVE-2023-44487 affecting package helm for versions less than 3.15.2-1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34819 CVE-2023-44487 affecting package jx for versions less than 3.2.236-13
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31291 CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31297 CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...