USN-7469-1 trafficserver vulnerability

It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause Apache Traffic Server to crash, resulting in a denial of service...

UBUNTU-CVE-2025-32908

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

libsoup 安全漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from an HTTP/2 server that does not fully validate pseudo header values, which could lead to a denial of service...

PT-2025-15870 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: PAN-OS versions affected versions not specified Description: A vulnerability in the PAN-OS software allows unlicensed administrators to view clear-text data captured using the packet capture feature in decrypted HTTP/2 data streams traversing...

mod_http2: DoS by null pointer in websocket over HTTP/2

A flaw was found in the Apache HTTP Server. Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a NULL pointer dereference, leading to a crash of the server process...

OESA-2025-1274 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Security update for buildah

This update for buildah fixes the following issues: CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. bsc1236531 CVE-2025-27144: Fixed denial of service in parsing function of...

Linux Distros Unpatched Vulnerability : CVE-2025-23085

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected b...

Linux Distros Unpatched Vulnerability : CVE-2020-13943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent...

Security update for podman

This update for podman fixes the following issues: CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227052 CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap

A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...

nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap

A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...

SUSE CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

SUSE CVE-2024-52317

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap

A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...

nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap

A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...

grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend

A flaw was found in Google gRPC due to HPACK table poisoning between the proxy and backend so that other clients see failed requests, resulting in a denial of service. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent...

Security update for skopeo

This update for skopeo fixes the following issues: CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227056 CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

OESA-2025-1090 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

AZL-56519 CVE-2025-23085 affecting package nodejs for versions less than 20.14.0-5

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...