81 matches found
USN-8471-1 containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu...
Security Bulletin: Vulnerability in IBM Sterling Order Management
Summary golang.org/x/net-v0.52.0 is vulnerable, When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ADSys vulnerabilities (USN-8430-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8430-1 advisory. It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly...
USN-8430-1: ADSys vulnerabilities
It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 26.04 LTS. CVE-2026-27141 It was discovered that ADSys did not properly handle certain HTTP/2 SETTINGS frames. ...
Important: ecs-init
Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...
Important: docker
Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...
SUSE CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
UBUNTU-CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
EUVD-2026-28420
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
Infinite loop
Overview golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receiv...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which occurs when processing SETTINGS frames. If the value of SETTINGSMAXFRAMESIZE is set to 0, the...
PT-2026-38561
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Processing of HTTP/2 SETTINGS frames can lead to an infinite loop of writing CONTINUATION frames when a SETTINGS MAX FRAME SIZE with a value of 0 is received,...
MiracleLinux 8 : nghttp2-1.33.0-3.el8.1 (AXSA:2020-326:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-326:01 advisory. nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 8 : nodejs:12 (AXSA:2020-792:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-792:01 advisory. nodejs-dot-prop: prototype pollution CVE-2020-8116 nodejs: HTTP request smuggling due to CR-to-Hyphen conversion CVE-2020-8201 npm: Sensitive...
MiracleLinux 7 : httpd24-nghttp2-1.7.1-7.el7, httpd24-curl-7.61.1-1.el7, httpd24-httpd-2.4.34-7.el7 (AXSA:2019-3739:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3739:01 advisory. httpd: Improper handling of headers in modsession can allow a remote user to modify session data for CGI applications CVE-2018-1283 httpd: Out of...
EUVD-2019-18887
Malware in sbrugna...
EUVD-2018-3778
Malicious code in bioql PyPI...