httpd: NULL pointer dereference via crafted request during HTTP/2 request processing

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

httpd: NULL pointer dereference via crafted request during HTTP/2 request processing

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

PT-2022-24859 · Traefik +1 · Traefik +1

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.8.8 Traefik versions prior to 2.9.0-rc5 Description: There is a potential issue in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. Thi...

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

...

PT-2022-4659

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.18.6 Go versions 1.19.x prior to 1.19.1 Description The issue is related to the net/http package in Go, where an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error, leading to a denial ...

PT-2022-13755 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A flaw was found in Undertow, related to flow control handling by the browser over HTTP/2, which may cause overhead or a denial of service in the server. This issue is due to an incomplete...

DEBIAN-CVE-2022-25763

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

netty: possible request smuggling in HTTP/2 due missing validation

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel web...

GHSA-68G5-8Q7F-M384 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL...

PT-2022-13302 · Apple · Swift-Nio-Http2

Name of the Vulnerable Software and Affected Versions: swift-nio-http2 versions 1.0.0 through 1.19.2 Description: A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logic...

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

PT-2022-1791 · Microsoft +5 · Net 5.0 +7

Name of the Vulnerable Software and Affected Versions: .NET 6.0 versions 6.0.0 through 6.0.1 .NET 5.0 versions 5.0.0 through 5.0.13 Description: A Denial of Service issue exists in .NET 6.0 and .NET 5.0 when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. This is due to...

haproxy: does not ensure that the scheme and path portions of a URI have the expected characters

A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from...

AZL-33641 CVE-2021-44716 affecting package rook for versions less than 1.6.2-19

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

UBUNTU-CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

Mozilla Firefox 资源管理错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a resource management error vulnerability that stems from the fact that HTTP2 session objects may be reused when released on a different thread, leading to memory corruptio...

haproxy: does not ensure that the scheme and path portions of a URI have the expected characters

A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from...

Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports

The Mozilla Foundation Security Advisory describes this flaw as: The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on...