100 matches found
USN-5891-1 curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2023-23914 Harry Sintonen...
Internet Bug Bounty: HTTP multi-header compression denial of service
A vulnerability was discovered in curl versions 7.57.0 to 7.87.0 that allowed a malicious server to insert an unlimited number of compression steps by using many headers, resulting in a "malloc bomb" and a denial of service attack. The vulnerability was fixed in version 7.88.0 by capping the numb...
[SECURITY] [DLA 3341-1] curl security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3341-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk February 24, 2023 https://wiki.debian.org/LTS -...
Updated curl packages fix security vulnerability
HTTP multi-header compression denial of service. CVE-2023-23916...
PT-2023-6559
Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description The issue is related to a maliciously crafted HTTP/2 stream that could cause excessive CPU consumption in the HPACK decoder, leading to a denial of servic...
SUSE-SU-2023:0425-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-23916: Fixed HTTP multi-header compression denial of service bsc1207992...
SUSE CVE-2013-1587
The dissectrohcirpacket function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service application crash via a malformed packet...
curl: CVE-2023-23916: HTTP multi-header compression denial of service
An HTTP multi-header compression denial of service vulnerability was discovered that allowed an attacker to send an HTTP response with many occurrences of Transfer-Encoding and/or Content-Encoding headers, consuming all available memory and causing a denial of service. The vulnerability was patch...
Mozilla Firefox Security Advisory (MFSA2012-73) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
The vulnerability of the HPACK decoder in HAProxy server software allows for exploitation by reading data beyond the allowed buffer limits, enabling attackers to cause service failures.
The vulnerability of the HPACK decoder in HAProxy server software relates to reading data from buffer fields beyond their allowable limits. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Buffer Error Vulnerability in Multiple Qualcomm Products
A Qualcomm chip is a chip from Qualcomm Incorporated USA. It is a way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc. and is often fabricated on the surface of semiconductor wafers. A buffer error vulnerability exists in several Qualcomm products, which...
DEBIAN-CVE-2020-11100
In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...
ALPINE-CVE-2020-11100
In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...
UBUNTU-CVE-2020-11100
In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...
haproxy: Out-of-bounds read in HPACK decoder
A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpackvalididx resulted in a remote crash and denial of service...
Apache Traffic Server Denial of Service Vulnerability (CNVD-2017-06029)
Apache Traffic Server is an efficient and scalable HTTP proxy and caching server . Apache Traffic Server has a security vulnerability that allows remote attackers to exploit the vulnerability to submit a special request and perform HPACK Bomb attacks...
UBUNTU-CVE-2016-6581
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...
PT-2017-8994
Name of the Vulnerable Software and Affected Versions Python HPACK library versions 1.0.0 through 2.2.0 Description A denial of service attack, known as an "HPACK Bomb" attack, can be launched against the HTTP/2 implementation built using the Python HPACK library. This occurs when an attacker...
Android OS issue where it is affected by the CRIME attack
Overview The implementation of the TLS protocol in Android OS contains a vulnerability where plaintext HTTP headers may be obtained. The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of...
SeaMonkey < 2.12.0 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.12.0. Such versions are potentially affected by the following security issues : - An error exists related to 'Object.defineProperty' and the location object that could allow cross-site scripting attacks. CVE-2012-1956 - Unspecified memory safet...