CVE-2025-32908

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/...

SUSE SLES15 Security Update : buildah (SUSE-SU-2025:0813-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0813-1 advisory. - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an...

Linux Distros Unpatched Vulnerability : CVE-2023-51714

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2...

Advisory ROSA-SA-2025-2740

Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.1 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...

OESA-2025-1183 etcd security update

%expand: Security Fixes: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows th...

OESA-2025-1170 etcd security update

%expand: Security Fixes: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.CVE-2021-28235 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.CVE-2022-3064 Etcd v3.5.4 allows remote...

OESA-2025-1168 etcd security update

%expand: Security Fixes: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.CVE-2021-28235 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.CVE-2022-3064 Etcd v3.5.4 allows remote...

SUSE-SU-2025:0558-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. bsc1236531...

SUSE CVE-2023-1428

There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...

SUSE CVE-2023-32731

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...

SUSE-SU-2025:0420-1 Security update for skopeo

This update for skopeo fixes the following issues: - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227056 - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

Azure Linux 3.0 Security Update: qt5-qtbase / qtbase (CVE-2024-39936)

The version of qt5-qtbase / qtbase installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39936 advisory. - An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x...

Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker May cause an HTTP/...

DEBIAN-CVE-2025-23085

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

CVE-2025-23085

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

AZL-56476 CVE-2025-23085 affecting package nodejs18 for versions less than 18.20.3-3

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

CVE-2022-25906

All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function...

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2023-45288).

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of availability of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2...