3386 matches found
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup security update
2.62.3-6 - Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names - Backport upstream patch for CVE-2024-52530 - infinite loop while reading websocket data - Resolves: RHEL-67076 - Resolves: RHEL-67067...
libvirt: Crash of virtinterfaced via virConnectListInterfaces()
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...
Malicious code in bytes-guide (npm)
Source: ossf-package-analysis (52ffd94abfbfd2f2e971d55c6e01e3fa3ef3fa60ecd7d609df30f438fccd6bec). The OpenSSF Package Analysis project identified 'bytes-guide' @ 99.3.5 npm as malicious. It is considered malicious because: - The package...
MAL-2024-10599 Malicious code in bytes-guide (npm)
Source: ossf-package-analysis (52ffd94abfbfd2f2e971d55c6e01e3fa3ef3fa60ecd7d609df30f438fccd6bec). The OpenSSF Package Analysis project identified 'bytes-guide' @ 99.3.5 npm as malicious. It is considered malicious because: - The package...
Malicious code in bytes-guides (npm)
Source: ossf-package-analysis (1671de27300530379441b59e870fa2d13121919510fe9f5ced2bb2a4dc2e6fe1). The OpenSSF Package Analysis project identified 'bytes-guides' @ 99.3.5 npm as malicious. It is considered malicious because: - The package...
MAL-2024-10600 Malicious code in bytes-guides (npm)
Source: ossf-package-analysis (1671de27300530379441b59e870fa2d13121919510fe9f5ced2bb2a4dc2e6fe1). The OpenSSF Package Analysis project identified 'bytes-guides' @ 99.3.5 npm as malicious. It is considered malicious because: - The package...
SUSE CVE-2024-50253
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new. Check the validity of nr_words in bpf_iter_bits_new. Without this check, when multiplication overflow occurs for nr_bits, e.g., when nr_words = 0x0400-0001, nr_bits becomes 64, stack...
DEBIAN-CVE-2024-50253
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new. Check the validity of nr_words in bpf_iter_bits_new. Without this check, when multiplication overflow occurs for nr_bits, e.g., when nr_words = 0x0400-0001, nr_bits becomes 64, stack...
SUSE CVE-2024-50169
In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb. Make sure virtio_transport_inc_rx_pkt and virtio_transport_dec_rx_pkt calls are balanced, i.e. virtio_vsock_sock::rx_bytes doesn't lie after vsock_transport::read_skb. While here, also inform the peer that we'v...
DEBIAN-CVE-2024-50169
In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb. Make sure virtio_transport_inc_rx_pkt and virtio_transport_dec_rx_pkt calls are balanced, i.e. virtio_vsock_sock::rx_bytes doesn't lie after vsock_transport::read_skb. While here, also inform the peer that we'v...
UBUNTU-CVE-2024-50169
In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb. Make sure virtio_transport_inc_rx_pkt and virtio_transport_dec_rx_pkt calls are balanced, i.e. virtio_vsock_sock::rx_bytes doesn't lie after vsock_transport::read_skb. While here, also inform the peer that we'v...
Use After Free
MicroPython is vulnerable to a Use-After-Free. The vulnerability is due to improper memory handling in the objarray component, where resizing a bytes object and copying it into itself can result in references to freed memory, potentially allowing remote exploitation...