209 matches found
PT-2024-31607 · H2O · H2O
Name of the Vulnerable Software and Affected Versions: h2o versions prior to the version containing commit 1ed32b2 Description: The issue affects h2o, an HTTP server that supports HTTP/1.x, HTTP/2, and HTTP/3. When configured as a reverse proxy, h2o may crash due to an assertion failure if HTTP/3...
dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution
A flaw was found in dotnet. When closing an HTTP/3 stream while application code is writing to the response body, a race condition can cause a use-after-free...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free that could allow remote code execution when closing an HTTP/3 stream. An attacker can exploit a race condition when the application code is writing to the response body. Note: HTTP/3 is not enabled by default. Remediation...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code execution...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code executi...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code execution...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code execution...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3 requests ...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3 requests ...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3 request...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3 requests ...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3...
The vulnerability of the HTTP/3 QUIC module (ngx_http_v3_module) in NGINX Plus and NGINX OSS web servers allows a attacker to cause a service failure.
The vulnerability of the HTTP/3 QUIC module ngxhttpv3module in NGINX Plus and NGINX OSS servers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted HTTP/3 requests...
The vulnerability of the HTTP/3 QUIC module (ngx_http_v3_module) in NGINX Plus and NGINX OSS web servers allows a hacker to gain unauthorized access to protected information.
The vulnerability of the HTTP/3 QUIC module ngxhttpv3module in NGINX Plus and NGINX OSS servers is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information through specially crafted HTTP/3 reques...
SUSE CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...