Lucene search
+L

342 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.24 views

AlmaLinux 9 : golang (ALSA-2024:1963)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1963 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state...

7.5CVSS7.5AI score0.91969EPSS
Exploits1References2
Mageia
Mageia
added 2024/04/13 4:56 p.m.46 views

Updated golang packages fix security vulnerability

CVE-2023-45288: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS7.2AI score0.91969EPSS
Exploits1References2
OSV
OSV
added 2024/04/06 6:19 p.m.26 views

BIT-GOLANG-2023-45288 HTTP/2 CONTINUATION flood in net/http

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS8AI score0.91969EPSS
Exploits1References10
OSV
OSV
added 2024/04/05 3:6 p.m.6 views

GHSA-W7HM-HMXV-PVHF HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

7.5CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/04/05 3:6 p.m.19 views

HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

7.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/04 9:30 p.m.59 views

net/http, x/net/http2: close connections when receiving too many headers

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7.1AI score0.91969EPSS
Exploits1References12Affected Software3
OSV
OSV
added 2024/04/04 9:15 p.m.13 views

AZL-39232 CVE-2023-45288 affecting package kata-containers for versions less than 3.2.0.azl2-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.10 views

AZL-38284 CVE-2023-45288 affecting package kured for versions less than 1.15.0-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.10 views

AZL-39268 CVE-2023-45288 affecting package helm for versions less than 3.14.2-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/04 8:37 p.m.17 views

CVE-2023-45288 HTTP/2 CONTINUATION flood in net/http

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.2AI score0.91969EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/04/04 8:37 p.m.27 views

CVE-2023-45288 HTTP/2 CONTINUATION flood in net/http

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

6.1AI score0.91969EPSS
Exploits1References8
CVE
CVE
added 2024/04/04 8:37 p.m.2513 views

CVE-2023-45288

CVE-2023-45288 concerns an HTTP/2 HPACK processing issue where an attacker can force an endpoint to parse excessive HEADERS and CONTINUATION frames, potentially reading large, even Huffman-encoded, header data beyond intended bounds. The vulnerability arises when request headers exceed MaxHeaderB...

7.5CVSS8.1AI score0.91969EPSS
Exploits1References9
Debian CVE
Debian CVE
added 2024/04/04 8:37 p.m.91 views

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7.9AI score0.91969EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2024/04/04 8:37 p.m.104 views

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS8.3AI score0.91969EPSS
Exploits1
FreeBSD
FreeBSD
added 2024/04/04 12:0 a.m.28 views

forgejo -- HTTP/2 CONTINUATION flood in net/http

[email protected] reports: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's heade...

7.5CVSS6.9AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/03 9:12 p.m.120 views

GO-2024-2687 HTTP/2 CONTINUATION flood in net/http

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS8.1AI score0.91969EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2024/04/03 12:0 a.m.33 views

go -- http2: close connections when receiving too many headers

The Go project reports: http2: close connections when receiving too many headers Maintaining HPACK state requires that we parse and process all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, we don't allocate memory to store the excess headers but...

7.5CVSS7AI score0.91969EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/10/27 12:0 a.m.47 views

Oracle Linux 7 : grub2 (ELSA-2023-12952)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12952 advisory. - Add CVE-2022-28736 to the list JIRA: OLDIS-16371 - Fix: CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735...

8.1CVSS6.6AI score0.01284EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2023/10/05 7:0 a.m.5 views

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

...

6.9CVSS6.5AI score0.00471EPSS
Exploits0
CNVD
CNVD
added 2023/09/27 12:0 a.m.36 views

Google libwebp open source library remote code execution vulnerability

WebP is an image format developed by Google, which supports lossy and lossless compression of network images, and its compression effect and speed have certain advantages over PNG and JPEG formats. libwebp is a C/C++ open source library that implements the coding and decoding of the WebP image...

8.8CVSS9.3AI score0.99735EPSS
Exploits9References1
Rows per page
Query Builder