7 matches found
PT-2026-4817
Name of the Vulnerable Software and Affected Versions Next.js versions with experimental.ppr: true or cacheComponents: true configured along with the NEXT PRIVATE MINIMAL MODE=1 environment variable Description A denial of service issue exists in Next.js when Partial Prerendering PPR is enabled i...
USN-7966-2: Telegraf vulnerabilities
USN-7966-1 fixed vulnerabilities in Snowflake. This update provides the corresponding updates for Telegraf. Original advisory details: It was discovered that Pion DTLS, vendored in Telegraf, did not impose a limit on the amount of data that was buffered during the handshake. An attacker could...
The vulnerability of the HandleData() function in the Go programming language-based crypto/tls package allows a perpetrator to trigger a service failure.
The vulnerability of the HandleData function in the crypto/tls package for the Go programming language is related to an incorrect limitation on data size before buffering. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
golang: crypto/tls: lack of a limit on buffered post-handshake
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size...
golang: crypto/tls: lack of a limit on buffered post-handshake
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size...
golang: crypto/tls: lack of a limit on buffered post-handshake
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size...
Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-4113-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4113-1 advisory. Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some...