Malicious code in dmnstnd-http3-client (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-5092 Malicious code in dmnstnd-http3-client (PyPI)

--- -= Per source details. Do not edit below this line.=-...

The vulnerability of the HTTP/3 QUIC module (ngx_http_v3_module) in NGINX Plus and NGINX OSS web servers allows a attacker to cause a service failure.

The vulnerability of the HTTP/3 QUIC module ngxhttpv3module in NGINX Plus and NGINX OSS relates to the assignment of the zero pointer. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted HTTP/3 requests...

SUSE CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

DEBIAN-CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

com.artipie.maven.resolver:maven-resolver-transport-http3 (>=v0.0.1 <=v0.0.9), com.artipie:asto-artipie (>=v1.17.2 <=v1.17.16) +37 more potentially affected by CVE-2024-22201 via org.eclipse.jetty.http3:jetty-http3-common (>=12.0.0 <=12.0.5)

org.eclipse.jetty.http3:jetty-http3-common MAVEN version =12.0.0, =v0.0.1, =v1.17.2, =v1.17.2, =v1.17.2, =v1.17.2, =0.4.1, =v1.17.2, =v1.17.2, =v1.17.2, =2.0.20, =1.2.3, =0.1.16, =0.2.5p2 - io.ikanos:ikanos-coverage =1.0.0-alpha3 - io.ikanos:ikanos-engine =1.0.0-alpha3 -...

SUSE CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

PT-2024-1647 · Nginx +1 · Nginx Oss +3

The affected software is NGINX, specifically the HTTP/3 QUIC module in NGINX Plus and NGINX OSS. When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate, potentially leading to a denial of service, related to a...

SUSE CVE-2024-0207

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

CVE-2024-0207

A flaw was found in the HTTP3 dissector of Wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file...

CVE-2024-0207

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

CVE-2024-0207

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

Design/Logic Flaw

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

CVE-2024-0207 Out-of-bounds Read in Wireshark

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

CVE-2024-0207 Out-of-bounds Read in Wireshark

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

CVE-2024-0207

CVE-2024-0207 affects Wireshark 4.2.0, where the HTTP3 dissector crashes, allowing denial of service via packet injection or crafted capture files. Evidence from multiple sources confirms the vulnerability in the HTTP3 parser with DoS impact (CVE-2024-0207). remediation: upgrade to Wireshark 4.2....

CVE-2024-0207

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

CVE-2024-0207 Out-of-bounds Read in Wireshark

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

CVE-2024-0207

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

Wireshark 4.2.x < 4.2.1 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 4.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.2.1 advisory. - GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packe...