21 matches found
EUVD-2007-5587
Malware in sbrugna...
K000153119: libtirpc vulnerability CVE-2021-46828
Security Advisory Description In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections. CVE-2021-46828 Impact...
Important: libtirpc
Issue Overview: In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections. CVE-2021-46828 Affected Packages:...
jetty: stop accepting new connections from valid clients
A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' due to the handling of connections in NetFraming based services. An attacker can consume extra system resources by establishing connections that are not properly closed or aborted...
PT-2024-22368 · Corewcf · Corewcf
Name of the Vulnerable Software and Affected Versions: CoreWCF versions prior to 1.4.2 CoreWCF versions prior to 1.5.2 Description: The issue affects NetFraming based CoreWCF services, where extra system resources could be consumed by connections being left established instead of closing or...
BIT-ENVOY-2022-23606 Crash when a cluster is deleted in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service CDS all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle...
SUSE CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
SUSE CVE-2022-23606
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service CDS all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle...
libtirpc: DoS vulnerability with lots of connections
A denial of service DoS vulnerability was found in libtirpc. This flaw allows a remote attacker to exhaust the file descriptors of a process that uses libtirpc due to mishandling idle TCP connections. This issue leads to a svcrun infinite loop without accepting new connections...
In libtirpc before 1.3.3rc1 remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can in turn lead to an svc_run infinite loop without accepting new connections.
...
OESA-2022-1795 libtirpc security update
Libtirpc is a Transport-Independent RPC library for Linux Security Fixes: In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without...
DEBIAN-CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
ALPINE-CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
UBUNTU-CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
LIBTIRPC 安全漏洞
LIBTIRPC is a package used on Linux systems that contains libraries supporting programs that use the Remote Procedure Call RPC API. A security vulnerability exists in versions of LIBTIRPC prior to 1.3.3rc1, which stems from the fact that a remote attacker can exhaust the file descriptors of a fil...
PT-2022-7313 · Libtirpc +9 · Libtirpc +9
Name of the Vulnerable Software and Affected Versions: libtirpc versions prior to 1.3.3rc1 Description: The issue is related to the mishandling of idle TCP connections, which can lead to the exhaustion of file descriptors of a process that uses libtirpc. This can cause an svc run infinite loop...
libtirpc: DoS vulnerability with lots of connections
A denial of service DoS vulnerability was found in libtirpc. This flaw allows a remote attacker to exhaust the file descriptors of a process that uses libtirpc due to mishandling idle TCP connections. This issue leads to a svcrun infinite loop without accepting new connections...
Design/Logic Flaw
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service CDS all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle...
PT-2022-16121 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy affected versions not specified Description: Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service CDS, all idle connections established to...