100 matches found
Wireshark 代码问题漏洞
Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.5, as well as 4.4.0 to 4.4.15, have code vulnerabilities that can lead to a...
PT-2026-43676
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the SLIP Serial Line IP implementation where the slhc init function allows a configuration with rslots set to 0, indicating no receive compression. In this state, the...
CVE-2026-43970
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
Astra Linux – Vulnerability in nghttp2
nghttp2 is an implementation of the Hypertext Transfer Protocol Version 2 in C. The nghttp2 library prior to version 1.61.0 continued to read an unlimited number of HTTP/2 CONTINUATION frames even after a stream was reset, in order to keep the HPACK context synchronized. This caused excessive CPU...
Denial Of Service (DoS)
Node.js is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of malformed HTTP/2 HEADERS frames containing invalid HPACK data, which can trigger an unhandled TLSSocket ECONNRESET error and cause the Node.js process to crash, enabling remote denial of service...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
BIT-NODE-MIN-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
ALPINE-CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
AZL-75077 CVE-2025-59465 affecting package nodejs for versions less than 20.14.0-13
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
Linux Distros Unpatched Vulnerability : CVE-2025-59465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception due to the unhandled TLSSocket error ECONNRESET. An attacker can cause application crash by passing malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data. Note: This issue primary affects applications...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-429912)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-429912 advisory. In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was...
HPACK table poisoning in gRPC C++, Python & Ruby
...
CVE-2025-32100
CVE-2025-32100 affects Samsung Mobile Processor, Wearable Processor, and Modem Exynos/Modem families (multiple models listed). Root cause: a buffer copy programming mistake leading to out-of-bounds writes via malformed ROHC packets. Impact per NVD metrics: Network attack vector, low attack comple...
PT-2025-35595
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 990 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 850 Samsung Mobile Processor, Wearable...
Linux Distros Unpatched Vulnerability : CVE-2023-33953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Thr...