59 matches found
GHSA-9CFH-VX93-84VV PostgresNIO processes unencrypted bytes from man-in-the-middle
Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...
PT-2022-21119 · Apple · Swiftnio
Name of the Vulnerable Software and Affected Versions: NIOHTTP1 affected versions not specified SwiftNIO affected versions not specified Description: The issue occurs when a HTTP/1.1 server accepts user-generated input from an incoming request and reflects it into a HTTP/1.1 response header. A...
Input validation
Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...
CVE-2022-3252
Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...
CVE-2022-3252
Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...
CVE-2022-3252
CVE-2022-3252 affects Apple SwiftNIO Extras. The issue arises in the transparent HTTP body decompression helpers, specifically HTTPRequestDecompressor and HTTPResponseDecompressor, which fail to detect when the decompressed body is complete. Attacks can append trailing junk data to a compressed H...
Apple SwiftNIO Extras 安全漏洞
Apple SwiftNIO Extras is an extension for the SwiftNIO web application framework from Apple Inc. A security vulnerability exists in Apple SwiftNIO Extras, which stems from the fact that if garbage data is appended to the body of an HTTP message, the code will repeatedly attempt to decompress this...
GHSA-FRG3-GPCX-968F SwiftNIO SSL arbitrary code execution vulnerability
A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1...
SwiftNIO SSL arbitrary code execution vulnerability
A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1...
SwiftNIO SSL arbitrary code execution vulnerability
A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1...
CVE-2020-9840
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...
CVE-2020-9840
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...
Design/Logic Flaw
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...
CVE-2020-9840
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...
CVE-2020-9840
Vulnerability: apple/swift-nio-extras (SwiftNIO Extras) before 1.4.1 has a Denial of Service issue due to improper checks of the decompression size when using the .size decompression limit. Impact: potential crash or service disruption. Remediation: upgrade to version 1.4.1 or higher (per Snyk ad...
CVE-2019-8849
The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...
CVE-2019-8849
The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...
Arbitrary Code Execution
Overview apple/swift-nio-ssl is a TLS Support for SwiftNIO, based on BoringSSL. Affected versions of this package are vulnerable to Arbitrary Code Execution. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO...
Design/Logic Flaw
The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...
CVE-2019-8849
The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...