Lucene search
K

30 matches found

OSV
OSV
added 2024/04/04 9:15 p.m.4 views

AZL-38683 CVE-2023-45288 affecting package gh for versions less than 2.62.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.18 views

AZL-38314 CVE-2023-45288 affecting package blobfuse2 for versions less than 2.3.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.9 views

AZL-39244 CVE-2023-45288 affecting package kubevirt for versions less than 0.59.0-16

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 8:15 p.m.7 views

AZL-43978 CVE-2024-27316 affecting package mod_http2 1.15.14-2

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5CVSS6.6AI score0.91327EPSS
Exploits2References1
OSV
OSV
added 2024/02/26 4:27 p.m.2 views

DEBIAN-CVE-2024-24568

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3...

5.3CVSS6.2AI score0.00638EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.6 views

Suricata security breach

Suricata is a suite of network Intrusion Detection Systems IDS, Intrusion Prevention Systems IPS, and network security monitoring engines developed by the Open Information Security Foundation OISF and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load...

5.3CVSS6.6AI score0.00638EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.3 views

PT-2023-4885 · Grpc +1 · Grpc +1

Name of the Vulnerable Software and Affected Versions: gRPC versions prior to v1.53 Description: The issue is related to the gRPC C++ implementation, where certain headers can cause an abort to be called when sent via http2. The affected headers include te: x where x is not trailers, :scheme: x...

7.8CVSS6.9AI score0.02659EPSS
Exploits1References24
RedHat Linux
RedHat Linux
added 2022/11/28 10:33 a.m.7 views

varnish: Request Forgery Vulnerability

An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could be used to exploit...

7.5CVSS7.2AI score0.00928EPSS
Exploits0References6
OSV
OSV
added 2020/12/03 7:15 p.m.3 views

DEBIAN-CVE-2020-17527

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...

7.5CVSS7.1AI score0.24622EPSS
Exploits0References1
OSV
OSV
added 2019/11/27 4:15 p.m.1 views

DEBIAN-CVE-2019-19330

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0xd, line feed LF, ASCII 0xa, and the zero character NUL, ASCII 0x0, aka Intermediary Encapsulation Attacks...

9.8CVSS8.1AI score0.03955EPSS
Exploits0References1
Rows per page
Query Builder