Lucene search
K

182 matches found

RedHat Linux
RedHat Linux
added 4 days ago3 views

netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS6.1AI score0.00606EPSS
Exploits0References7
NVD
NVD
added 2026/06/30 1:17 p.m.8 views

CVE-2026-13474

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

8.7CVSS0.0044EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:3 p.m.6 views

CVE-2026-13474

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

8.7CVSS5.8AI score0.0044EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/06/29 8:3 p.m.22 views

CVE-2026-13763

This CVE affects AWS Application Load Balancer (ALB) with AWS WAF enabled, where inconsistent interpretation of HTTP/2 requests can allow bypass of WAF body inspection when the request body is fragmented across frames, leading to partial inspection. Affected component: HTTP/2 ALB target groups; r...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52885

Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The PROXY Protocol v2 header generator emits Type-Length-Values TLVs that exceed t...

4.8CVSS5.8AI score0.00218EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 5:40 a.m.3 views

BIT-ENVOY-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS6AI score0.00815EPSS
Exploits1References11
OSV
OSV
added 2026/06/20 6:56 a.m.2 views

SUSE-SU-2026:22195-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References15
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.12 views

netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.9 views

netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/16 2:19 a.m.10 views

SUSE CVE-2026-48059

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

7.5CVSS5.5AI score0.00606EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/12 12:0 a.m.9 views

HTTP/2 Exposure Auditor

The script safely evaluates HTTP/2 exposure by negotiating ALPN, initiating a minimal HTTP/2 session, collecting server SETTINGS frames, and identifying potentially permissive protocol configurations. It avoids stream amplification, flooding behavior, connection fan-out, and sustained resource...

5.3AI score
Exploits0
OSV
OSV
added 2026/06/11 8:19 p.m.8 views

GHSA-H2QV-FJ59-J46J Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

Impact The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested PP2TYPESSL TLVs type-length-value records at depth two or greater. The leak occurs on the successful parse path — no exception is...

8.7CVSS5.7AI score0.00606EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/10 4:54 p.m.19 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
Cvelist
Cvelist
added 2026/06/06 9:14 a.m.43 views

CVE-2026-10725 Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

0.00414EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-10725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small...

7.5CVSS5.7AI score0.00414EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 7:8 a.m.6 views

SUSE-SU-2026:2192-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/06/01 7:8 a.m.15 views

Security update for ignition

This update for ignition fixes the following issue CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.47 views

Amazon Linux 2023 : mod_http2 (ALAS2023-2026-1724)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1724 advisory. Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes...

8.8CVSS5.8AI score0.4581EPSS
Exploits16References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Apache2

A properly crafted method sent via HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server versions 2.4.17 to 2.4.48...

7.5CVSS6.3AI score0.46179EPSS
Exploits1References2
Rows per page
Query Builder