10 matches found

Snyk
added 2026/06/08 11:2 p.m., 5 views

Allocation of Resources Without Limits or Throttling

Overview: io.netty:netty-codec-http2 is an HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforcement of the advertised...

6.9 CVSS, 5.5 AI score, 0.00507 EPSS
Exploits: 0, References: 2
OSV
added 2025/12/24 10:32 a.m., 3 views

CVE-2025-68346 ALSA: dice: fix buffer overflow in detect_stream_formats()

In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats(). The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...

6.8 AI score, 0.00196 EPSS
Exploits: 0, References: 11
SUSE CVE
added 2025/08/25 11:22 p.m., 2 views

SUSE CVE-2025-47950

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

5.3 CVSS, 8.1 AI score, 0.01132 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/08/13 2:17 p.m., 5 views

CVE-2025-55163 Netty MadeYouReset HTTP/2 DDoS Vulnerability

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent...

8.2 CVSS, 0.0095 EPSS
Exploits: 1, References: 1
CVE
added 2025/08/13 2:17 p.m., 103 views

CVE-2025-55163

Netty (HTTP/2) vulnerability CVE-2025-55163: a logic flaw in HTTP/2 control frames (MadeYouReset) can bypass max concurrent streams, causing resource exhaustion and DoS. Affected: Netty versions before 4.1.124.Final and 4.2.4.Final. Impact: high availability risk; no confidentiality/integrity imp...

8.2 CVSS, 7 AI score, 0.0095 EPSS
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2025/08/13 2:17 p.m., 2 views

CVE-2025-55163 Netty MadeYouReset HTTP/2 DDoS Vulnerability

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent...

8.2 CVSS, 7 AI score, 0.0095 EPSS
Exploits: 1, References: 1
Debian CVE
added 2025/08/13 2:17 p.m., 2 views

CVE-2025-55163

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent...

8.2 CVSS, 6.4 AI score, 0.0095 EPSS
Exploits: 1
F5 Networks
added 2025/08/13 1:45 p.m., 11 views

K000152001: HTTP/2 vulnerability CVE-2025-54500

Security Advisory Description: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames to break the maximum concurrent streams limit (HTTP/2 MadeYouReset Attack). (CVE-2025-54500) Impact: This vulnerability allows a remote, unauthenticated attacker to caus...

6.9 CVSS, 6 AI score, 0.00458 EPSS
Exploits: 0
OSV
added 2025/06/06 6:15 p.m., 3 views

AZL-63695 CVE-2025-47950 affecting package coredns for versions less than 1.11.1-19

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

7.5 CVSS, 7.2 AI score, 0.01132 EPSS
Exploits: 0, References: 1
GithubExploit
added 2023/10/16 11:7 a.m., 2460 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

HTTP2 Rapid Reset Attack: CVE-2023-44487 Quick exploit to test...

7.5 CVSS, 8.5 AI score, 0.99999 EPSS
Exploits: 19