Lucene search
K

54 matches found

RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.4 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.5 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
OSV
OSV
added 2020/04/27 10:15 p.m.1 views

DEBIAN-CVE-2020-9481

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack...

7.5CVSS7.3AI score0.02387EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/04/06 7:28 p.m.3 views

httpd: memory corruption on early pushes

A vulnerability was found in Apache httpd, in modhttp2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash...

7.5CVSS7.1AI score0.14563EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/03/23 8:21 a.m.3 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2019/11/26 8:1 p.m.3 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

7.8CVSS7.2AI score0.58373EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/11/26 7:57 p.m.2 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2019/10/30 6:20 p.m.9 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2019/10/29 5:43 p.m.2 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
OSV
OSV
added 2019/08/13 9:15 p.m.3 views

ALPINE-CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...

7.5CVSS8.9AI score0.82813EPSS
Exploits0References1
OSV
OSV
added 2019/08/13 12:0 a.m.6 views

UBUNTU-CVE-2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/11/27 9:18 a.m.8 views

nginx: Excessive CPU usage via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngxhttpv2module not compiled by default if the 'http2' option of the 'listen' directive is used in a configuration file...

7.8CVSS7.4AI score0.124EPSS
Exploits0References5
OSV
OSV
added 2017/09/13 4:29 p.m.7 views

UBUNTU-CVE-2015-5206

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168...

9.8CVSS7.2AI score0.02411EPSS
Exploits0References3
OSV
OSV
added 2017/04/20 12:0 a.m.2 views

UBUNTU-CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8CVSS7.2AI score0.03123EPSS
Exploits1References5
Rows per page
Query Builder