Lucene search
K

55 matches found

RedHat Linux
RedHat Linux
added 2023/11/14 4:3 p.m.121 views

Moderate: Red Hat Security Advisory: container-tools:rhel8 security and bug fix update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS6.5AI score0.04561EPSS
Exploits3References45
AlmaLinux
AlmaLinux
added 2023/11/14 12:0 a.m.60 views

Moderate: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

9.8CVSS6.7AI score0.04561EPSS
Exploits3References36
RedHat Linux
RedHat Linux
added 2023/07/10 9:56 a.m.3 views

golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service...

7.5CVSS6.7AI score0.01479EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/07/10 9:56 a.m.457 views

Moderate: Red Hat Security Advisory: Red Hat Service Interconnect 1.4 Release security update

This is release 1.4 of the rpms for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allo...

9.8CVSS6.9AI score0.04561EPSS
Exploits1References15
Cvelist
Cvelist
added 2023/04/06 3:50 p.m.29 views

CVE-2023-24534 Excessive memory allocation in net/http and net/textproto

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

8.7AI score0.01888EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/04/06 3:50 p.m.29 views

CVE-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

8.8AI score0.01479EPSS
Exploits0References8
OSV
OSV
added 2023/04/05 9:4 p.m.35 views

GO-2023-1705 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

7.5CVSS8.7AI score0.01479EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2023/04/04 12:0 a.m.43 views

go -- multiple vulnerabilities

The Go project reports: go/parser: infinite loop in parsing Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. html/template: backticks not treated as string delimiters Templates di...

9.8CVSS7.8AI score0.02281EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:15 a.m.5 views

SUSE CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."...

9.8CVSS9.4AI score0.09625EPSS
Exploits0References3
Snyk
Snyk
added 2022/05/23 10:46 p.m.3 views

HTTP Request Smuggling

Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: net/http through net/textproto used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in...

8.7CVSS6.8AI score0.05157EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/01/21 12:0 a.m.40 views

Amazon Linux 2 : golang, --advisory ALAS2-2020-1383 (ALAS-2020-1383)

The version of golang installed on the remote host is prior to 1.13.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1383 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C...

5.6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/01/14 8:45 a.m.6 views

golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling

It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or ...

7.5CVSS7.3AI score0.05157EPSS
Exploits0References5
Amazon
Amazon
added 2019/10/21 6:1 p.m.40 views

Medium: golang

Issue Overview: It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server...

7.5CVSS7.7AI score0.05157EPSS
Exploits0
Veracode
Veracode
added 2019/01/15 9:12 a.m.27 views

HTTP Header Injection

net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling...

9.8CVSS9.3AI score0.09625EPSS
Exploits0References16Affected Software1
Veracode
Veracode
added 2017/04/27 7:4 a.m.30 views

HTTP Header Injection

net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling...

9.8CVSS9.3AI score0.09625EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder