PT-2024-3098 · Micrium · Micrium Os Network Http Server

Name of the Vulnerable Software and Affected Versions: Micrium OS Network HTTP Server affected versions not specified Description: A bug in the Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing, potentially allowing a device crash and Denial of Service...

UBUNTU-CVE-2024-3120

A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sipvalidatepacket and sipparseextraheaders functions within src/sip.c. This...

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.

...

SUSE CVE-2024-27983

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...

AZL-39484 CVE-2023-45288 affecting package etcd for versions less than 3.5.12-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38158 CVE-2023-45288 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38569 CVE-2023-45288 affecting package docker-compose for versions less than 2.27.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38284 CVE-2023-45288 affecting package kured for versions less than 1.15.0-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38941 CVE-2023-45288 affecting package opa for versions less than 0.63.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38683 CVE-2023-45288 affecting package gh for versions less than 2.62.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

PT-2024-2622

Vulnerability Report Name of the Vulnerable Software and Affected Versions: Node.js versions 18.x, 20.x, and 21.x corepack20-20.12.1-1.1 corepack21-21.7.2-1.1 OpenSUSE affected versions not specified MosOS affected versions not specified Alma Linux affected versions not specified Rocky Linux...

SUSE CVE-2023-52525

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix oob check condition in mwifiexprocessrxpacket Only skip the code path trying to access the rfc1042 headers when the buffer is too small, so the driver can still process packets without rfc1042 headers...

SUSE CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...

DEBIAN-CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...

UBUNTU-CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...

LibHTP 安全漏洞

LibHTP is a security-aware parser. The product is mainly used for HTTP protocols, among others. A denial of service vulnerability exists in LibHTP prior to version 0.5.46. The vulnerability stems from failure to properly process incoming error messages, which can be exploited by an attacker to...

PT-2024-2334

Name of the Vulnerable Software and Affected Versions LibHTP versions prior to 0.5.46 Description The issue is related to excessive processing time of HTTP headers, leading to denial of service when crafted traffic is sent. This can be exploited by a remote attacker to cause a denial of service...

haproxy: request smuggling attack in HTTP/1 header parsing

A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

PT-2023-2356 · Libde265 +5 · Libde265 +5

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.11 Description: The issue is related to a segmentation violation via the decoder context::process slice segment header function at decctx.cc. This vulnerability is associated with pointer dereference errors in the h.265...

UBUNTU-CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...