176 matches found

OSV
added 2024/04/04 9:15 p.m. · 2 views

AZL-38941 CVE-2023-45288 affecting package opa for versions less than 0.63.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 6.8 · EPSS 0.69905
Exploits 1 · References 1
OSV
added 2024/04/04 9:15 p.m. · 1 view

AZL-38683 CVE-2023-45288 affecting package gh for versions less than 2.62.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 6.8 · EPSS 0.69905
Exploits 1 · References 1
Positive Technologies
added 2024/04/03 12:00 a.m. · 7 views

PT-2024-2622

Vulnerability Report. Name of the Vulnerable Software and Affected Versions: Node.js versions 18.x, 20.x, and 21.x; corepack20-20.12.1-1.1; corepack21-21.7.2-1.1; OpenSUSE (affected versions not specified); MosOS (affected versions not specified); Alma Linux (affected versions not specified); Rocky Linux...

CVSS 9.8 · AI score 7.5 · EPSS 0.75933
Exploits 6 · References 200
BDU FSTEC
added 2024/03/12 12:00 a.m. · 3 views

The vulnerability of the PSR-7 guzzlehttp/psr7 HTTP message processing library, due to insufficient validation of input data, allows attackers to compromise the integrity of the protected information.

The vulnerability of the PSR-7 guzzlehttp/psr7 HTTP message processing library is related to insufficient validation of input data during header processing. Exploiting this vulnerability allows an attacker to compromise the integrity of the protected information...

CVSS 7.8 · AI score 7.2 · EPSS 0.00931
Exploits 0 · References 7 · Affected Software 2
BDU FSTEC
added 2024/03/06 12:00 a.m. · 1 view

The vulnerability of the sub_4484A8() function in D-Link DIR-823G router microprogramming software allows a hacker to induce a service failure.

The vulnerability of the sub_4484A8() function in D-Link DIR-823G router microprogramming software is related to errors in pointer manipulation during the processing of HTTP headers. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 6.8 · AI score 7.2 · EPSS 0.00039
Exploits 1 · References 3 · Affected Software 1
SUSE CVE
added 2024/03/05 4:31 a.m. · 1 view

SUSE CVE-2023-52525

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet. Only skip the code path trying to access the rfc1042 headers when the buffer is too small, so the driver can still process packets without rfc1042 headers...

CVSS 3.5 · AI score 6 · EPSS 0.00012
Exploits 0 · References 13
SUSE CVE
added 2024/02/27 3:55 a.m. · 3 views

SUSE CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...

CVSS 7.5 · AI score 6.9 · EPSS 0.00247
Exploits 1 · References 5
OSV
added 2024/02/26 4:27 p.m. · 1 view

DEBIAN-CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...

CVSS 7.5 · AI score 6.8 · EPSS 0.00247
Exploits 1 · References 1
OSV
added 2024/02/26 4:27 p.m. · 1 view

UBUNTU-CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...

CVSS 7.5 · AI score 7.1 · EPSS 0.00247
Exploits 1 · References 7
CNNVD
added 2024/02/26 12:00 a.m. · 4 views

LibHTP security vulnerability

LibHTP is a security-aware parser. The product is mainly used for HTTP protocols, among others. A denial of service vulnerability exists in LibHTP prior to version 0.5.46. The vulnerability stems from failure to properly process incoming error messages, which can be exploited by an attacker to...

CVSS 7.5 · AI score 6.6 · EPSS 0.00247
Exploits 1 · References 4
Positive Technologies
added 2024/02/08 12:00 a.m. · 3 views

PT-2024-2334

Name of the Vulnerable Software and Affected Versions: LibHTP versions prior to 0.5.46. Description: The issue is related to excessive processing time of HTTP headers, leading to denial of service when crafted traffic is sent. This can be exploited by a remote attacker to cause a denial of service...

CVSS 7.8 · AI score 6.8 · EPSS 0.00634
Exploits 2 · References 45
BDU FSTEC
added 2023/10/30 12:00 a.m. · 1 view

The vulnerability of Firefox browser, related to insufficient protection of service data, allows attackers to gain unauthorized access to protected information.

The vulnerability of Firefox browsers is related to insufficient protection of service data during the processing of the Vary response header for comparing request headers. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by sending iterativ...

CVSS 7.8 · AI score 6.2 · EPSS 0.00215
Exploits 0 · References 10 · Affected Software 3
BDU FSTEC
added 2023/09/19 12:00 a.m. · 4 views

The vulnerability of the cURL command-line utility interface allows a hacker to trigger a service failure.

The vulnerability of the cURL command-line utility interface relates to the allocation of unlimited memory during the processing of HTTP headers. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 10 · AI score 6.5 · EPSS 0.14467
Exploits 1 · References 10 · Affected Software 8
BDU FSTEC
added 2023/09/19 12:00 a.m. · 4 views

The vulnerabilities of the CompressorStreamFactory, TarArchiveInputStream, and TarFile classes in the Apache Commons Compress library allow an attacker to trigger a service failure.

The vulnerabilities of the CompressorStreamFactory, TarArchiveInputStream, and TarFile classes in the Apache Commons Compress library are related to an uncontrolled resource consumption due to insufficient validation of input data during the processing of TAR archive headers. Exploiting these...

CVSS 5 · AI score 6.7 · EPSS 0.00014
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2023/09/12 12:00 a.m. · 1 view

The vulnerability of the Mutt mail client, related to errors in pointer aliasing, allows a hacker to trigger a service failure.

The vulnerability of the Mutt mail client is related to errors in pointer manipulation when processing message headers. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 2.2 · AI score 5.9 · EPSS 0.00029
Exploits 0 · References 12 · Affected Software 6
RedHat Linux
added 2023/04/25 10:27 a.m. · 2 views

haproxy: request smuggling attack in HTTP/1 header parsing

A flaw was found in HAProxy's header processing that causes HAProxy to drop important header fields such as Connection, Content-Length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

CVSS 9.1 · AI score 5.7 · EPSS 0.17535
Exploits 0 · References 6
BDU FSTEC
added 2023/03/30 12:00 a.m. · 2 views

The vulnerability of the mod_proxy module in the Apache HTTP Server allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the mod_proxy module in the Apache HTTP Server is related to deficiencies in header processing for Transfer-Encoding. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely (HTTP Request Smuggling attack)...

CVSS 10 · AI score 6.8 · EPSS 0.67011
Exploits 5 · References 17 · Affected Software 19
Positive Technologies
added 2023/03/15 12:00 a.m. · 2 views

PT-2023-2356 · Libde265 +5

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.11. Description: The issue is related to a segmentation violation via the decoder_context::process_slice_segment_header function in decctx.cc. This vulnerability is associated with pointer dereference errors in the h.265...

CVSS 8.8 · AI score 7.2 · EPSS 0.0051
Exploits 6 · References 60
OSV
added 2023/02/14 4:00 p.m. · 1 view

UBUNTU-CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

CVSS 9.1 · AI score 7.1 · EPSS 0.17535
Exploits 0 · References 5
BDU FSTEC
added 2022/12/28 12:00 a.m. · 2 views

The vulnerability in the implementation of the `rejectIllegalHeader` attribute in the Apache Tomcat application server allows an attacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the Apache Tomcat application server’s implementation of the rejectIllegalHeader attribute is related to deficiencies in the processing of HTTP requests containing the Content-Length header. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests...

CVSS 7.8 · AI score 6.7 · EPSS 0.0029
Exploits 0 · References 7 · Affected Software 5