12 matches found
EUVD-2024-2452
Malicious code in bioql PyPI...
undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...
undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...
undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...
undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...
UBUNTU-CVE-2024-5971
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...
CVE-2024-5971
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...
Arbitrary Code Execution
wget is vulnerable to arbitrary code execution attacks. The vulnerability exists as the http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's...
Updated wget packages fix security vulnerabilities
The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chun...
Design/Logic Flaw
The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...
DEBIAN-CVE-2017-13089
The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...
nginx buffer overflow
Buffer overflow on proxypass upstream HTTP server response processing. Buffer overflow on chunked response parsing...