Lucene search
K

100 matches found

OSV
OSV
added 2024/04/04 8:15 p.m.7 views

ALPINE-CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5CVSS6.9AI score0.91327EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/01/05 12:0 a.m.11 views

PT-2024-2652 · Envoy +1 · Envoy +1

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.29.0 through 1.29.1 Description: The issue is related to the Envoy HTTP/2 protocol stack, which is vulnerable to a flood of CONTINUATION frames. This occurs because Envoy's HTTP/2 codec does not reset a request when header ma...

7.8CVSS8.3AI score0.86746EPSS
Exploits1References18
OSV
OSV
added 2023/12/24 9:15 p.m.7 views

AZL-33517 CVE-2023-51714 affecting package qt5-qtbase for versions less than 5.12.11-10

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check...

9.8CVSS7.4AI score0.00986EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/12/08 12:0 a.m.7 views

The vulnerability of the HTTP/2 network protocol implementation in BIG-IP’s access control and remote authentication mechanisms allows a attacker to cause service interruptions.

The vulnerability of the HTTP/2 network protocol implementation for BIG-IP access control and remote authentication mechanisms is related to an uncontrolled resource consumption during request processing. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.2AI score0.00626EPSS
Exploits0References2Affected Software13
RedHat Linux
RedHat Linux
added 2023/11/24 4:56 p.m.9 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/11/16 5:56 a.m.6 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
RedHat Linux
RedHat Linux
added 2023/11/08 1:10 a.m.11 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
Amazon
Amazon
added 2023/11/03 12:0 a.m.9 views

Important: oci-add-hooks

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: oci-add-hooks Issue Correction: Run dnf update...

7.5CVSS6.8AI score0.03796EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/10/20 10:28 p.m.5 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
OSV
OSV
added 2023/10/19 7:5 p.m.8 views

CLSA-2023-1697742355 Fix CVE(s): CVE-2023-44487

SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration stream handling limit. - CVE-2023-44487...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References1
Amazon
Amazon
added 2023/10/19 12:0 a.m.3 views

Important: runc

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: runc Note: This advisory is applicable to Amazon Linux...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/10/18 7:59 a.m.6 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
RedHat Linux
RedHat Linux
added 2023/10/17 9:19 a.m.4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.4 views

Apache Traffic Server 信息泄露漏洞

Apache Traffic Server ATS is the United States Apache Apache Foundation's set of scalable HTTP proxy and caching server. Apache Traffic Server suffers from an information disclosure vulnerability that stems from the application exposing sensitive information and is vulnerable to HTTP/2 and s3...

7.5CVSS6.2AI score0.0122EPSS
Exploits0References7
Amazon
Amazon
added 2023/10/17 12:0 a.m.24 views

Important: dotnet6.0

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: dotnet6.0 Issue Correction: Run dnf update dotnet6.0...

7.5CVSS7.5AI score0.99999EPSS
Exploits19
RedHat Linux
RedHat Linux
added 2023/10/16 11:30 a.m.4 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
NCSC
NCSC
added 2023/10/16 12:0 a.m.8 views

Vulnerabilities fixed Node.js

Several vulnerabilities have been fixed in Node.js. A malicious party could potentially exploit the vulnerabilities remotely to cause a denial-of-service DoS, bypass of authentication and/or gaining access to sensitive data. The vulnerability with attribute CVE-2023-44487 is a Denial-of-Service D...

9.8CVSS7.5AI score0.99999EPSS
Exploits19
OSV
OSV
added 2023/10/11 10:15 p.m.10 views

AZL-31691 CVE-2023-39325 affecting package coredns for versions less than 1.9.3-9

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.9 views

AZL-31616 CVE-2023-39325 affecting package telegraf for versions less than 1.27.3-3

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.11 views

AZL-37478 CVE-2023-39325 affecting package golang for versions less than 1.21.6-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
Rows per page
Query Builder