CVE-2022-35236 HTTP2 profile vulnerability CVE-2022-35236

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS...

PT-2022-22645 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions 14.1.x through 14.1.5 BIG-IP versions 15.1.x through 15.1.6.1 BIG-IP versions 16.1.x through 16.1.2.2 Description: When an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory...

F5 BIG-IP HTTP2 profile denial of service vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP HTTP2 profile, which stems from the fact that when configuring the...

F5 Networks BIG-IP : HTTP2 profile vulnerability (K79933541)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K79933541 advisory. - In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5,...

GO-2022-0288 Unbounded memory growth in net/http and golang.org/x/net/http2

An attacker can cause unbounded memory growth in servers accepting HTTP/2 requests...

Undertow vulnerable to Denial of Service (DoS) attacks

Undertow client side invocation timeout raised when calling over HTTP2, this vulnerability can allow attacker to carry out denial of service DoS attacks in versions less than 2.2.15 Final...

GHSA-339Q-62WM-C39W Undertow vulnerable to Denial of Service (DoS) attacks

Undertow client side invocation timeout raised when calling over HTTP2, this vulnerability can allow attacker to carry out denial of service DoS attacks in versions less than 2.2.15 Final...

Denial Of Service (DoS)

HTTP2 Server is vulnerable to Denial Of Service DoS. The vulnerability exists in onRequest function in HttpChannelOverHTTP2.java due to improper error handling which allows an attacker to cause an application crash...

undertow Race Condition vulnerability

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel web...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel web...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel web...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel we...

golang.org/x/net/http vulnerable to a reset flood

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of stream...

golang.org/x/net/http vulnerable to ping floods

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

GHSA-HGR8-6H9X-F7Q9 golang.org/x/net/http vulnerable to ping floods

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

co.paralleluniverse:comsat-test-utils (=0.2.0), io.undertow:undertow-http2-test-suite (>=1.1.0.Beta7 <=1.1.0.Beta8) +4 more potentially affected by CVE-2014-7816 via io.undertow:undertow-core (>=1.1.0.Beta1 <=1.1.0.CR4)

io.undertow:undertow-core MAVEN version =1.1.0.Beta1, =1.1.0.Beta7, =1.1.0.Beta1, =1.1.0.Beta1, =1.0.0.Alpha1, =1.0.0.Alpha8 Source cves: CVE-2014-7816 Source advisory: OSV:GHSA-H6P6-FC4W-CQHX...

GHSA-H3Q4-6J7F-R24C priority vulnerable to denial of service

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

Mozilla Firefox Security Advisories (MFSA2021-48, MFSA2021-49) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...