Lucene search
K

111 matches found

OSV
OSV
added 2024/04/26 11:7 a.m.3 views

OESA-2024-1503 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...

7.5CVSS6.8AI score0.04561EPSS
Exploits0References2
OSV
OSV
added 2024/04/26 11:7 a.m.2 views

OESA-2024-1504 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...

7.5CVSS6.8AI score0.04561EPSS
Exploits0References2
OSV
OSV
added 2024/04/05 3:6 p.m.4 views

GHSA-W7HM-HMXV-PVHF HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

7.5CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2024/04/04 9:15 p.m.4 views

AZL-38785 CVE-2023-45288 affecting package azcopy for versions less than 10.25.1-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 3:15 p.m.7 views

AZL-39460 CVE-2024-28182 affecting package nghttp2 for versions less than 1.57.0-2

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

5.3CVSS6.9AI score0.8496EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/11/14 4:3 p.m.3 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS6.6AI score0.04561EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2023/11/07 8:52 a.m.8 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS6.6AI score0.04561EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2023/11/07 8:39 a.m.4 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS6.6AI score0.04561EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2023/10/31 12:0 a.m.4 views

The vulnerability of the HPACK decoder in the Golang programming language, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the HPACK decoder in the Golang programming language is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a local attacker to cause service failures...

7.8CVSS6.5AI score0.04561EPSS
Exploits0References15Affected Software31
RustSec
RustSec
added 2023/09/15 12:0 p.m.5 views

HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.9 views

PT-2023-25881 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions 4.9 and prior Description: Contiki-NG is an operating system for internet-of-things devices. The issue arises during IPHC header decompression when processing IPv6 header fields. Specifically, the system fails to check if...

5.3CVSS5.1AI score0.00386EPSS
Exploits0References4
Amazon
Amazon
added 2023/09/07 12:0 a.m.5 views

Important: amazon-ecr-credential-helper

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: amazon-ecr-credential-helper Issue Correction: Run dnf update amazon-ecr-credential-helper --releasever 2023.1.20230906 or dnf update --advisory ALAS2023-2023-337 --releasever 2023.1.202309...

7.5CVSS6.7AI score0.04561EPSS
Exploits0
OSV
OSV
added 2023/08/09 1:15 p.m.6 views

AZL-39394 CVE-2023-33953 affecting package python-tensorboard for versions less than 2.11.0-2

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References1
OSV
OSV
added 2023/08/09 1:15 p.m.1 views

DEBIAN-CVE-2023-33953

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...

7.5CVSS7.8AI score0.00412EPSS
Exploits0References1
OSV
OSV
added 2023/07/05 7:12 p.m.4 views

GHSA-CFGP-2977-2FMM Connection confusion in gRPC

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

7.4CVSS6.8AI score0.00502EPSS
Exploits0References9
OSV
OSV
added 2023/06/09 11:15 a.m.2 views

UBUNTU-CVE-2023-32731

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

7.5CVSS6.9AI score0.00502EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.3 views

gRPC 安全漏洞

gRPC is a modern, open source, high-performance Remote Procedure Call RPC framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from the fact that when the gRPC HTTP2 stack throws a header size exceeded error, it skips parsing the rest of the HPACK frame. This causes...

7.5CVSS7.5AI score0.00502EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/06 8:36 a.m.4 views

curl: HTTP multi-header compression denial of service

A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors...

6.5CVSS6.8AI score0.01703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/06/05 6:55 p.m.7 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS6.6AI score0.04561EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2023/06/05 6:54 p.m.4 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS6.6AI score0.04561EPSS
Exploits0References11
Rows per page
Query Builder