4428 matches found
Alibaba Cloud Linux 3 : 0101: nghttp2 (ALINUX3-SA-2022:0101)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0101 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-9513: Some HTTP/2 implementations...
Alibaba Cloud Linux 3 : 0033: go-toolset:rhel8 (ALINUX3-SA-2024:0033)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0033 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-39325: A malicious HTTP/2 client...
CVE-2025-41414
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-36504
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit
Original Report In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specifi...
CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
DEBIAN-CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
UBUNTU-CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
PT-2025-20402 · Eclipse · Eclipse Jetty
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 12.0.0 through 12.0.16 Description: The issue arises when an HTTP/2 client specifies a very large value for the HTTP/2 settings parameter SETTINGS MAX HEADER LIST SIZE. The Jetty HTTP/2 server fails to validate this...
CVE-2025-41414
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-36504
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-36504 BIG-IP HTTP/2 vulnerability
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-41414 BIG-IP HTTP/2 vulnerability
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-36504 BIG-IP HTTP/2 vulnerability
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-41414 BIG-IP HTTP/2 vulnerability
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-41414
Summary of CVE-2025-41414 (BIG-IP HTTP/2 vulnerability) Issue: When HTTP/2 client and server profiles are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, resulting in DoS via traffic disruption as the TMM restarts. This is a da...
CVE-2025-36504
CVE-2025-36504 affects BIG-IP when an HTTP/2 httprouter profile is configured on a virtual server. The issue can cause undisclosed responses that lead to increased memory/resource utilization, potentially degrading performance and causing DoS-like impact on the BIG-IP system. Security advisory K0...
nghttp2 security update
An update is available for nghttp2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libnghttp2 is a library implementing the Hypertext Transfer Protocol version ...