174 matches found
Amazon Linux 2 : runc (ALASDOCKER-2025-068)
The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1040)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1040 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...
Important: cni-plugins
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1012)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1012 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
Important: containerd
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: cni-plugins
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
OESA-2025-1611 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...
Important: runfinch-finch
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-978)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-978 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...
[SECURITY] [DLA 4187-1] varnish security update
Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 28, 2025 https://wiki.debian.org/LTS Package : varnish Version : 6.5.1-1+deb11u5 CVE ID : CVE-2025-47905 A client-side desync vulnerability can be triggered in Varnish, a...
Debian dla-4187 : libvarnishapi-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4187 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/...
Amazon Linux 2 : nerdctl (ALAS-2025-2863)
The version of nerdctl installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2863 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...
Amazon Linux 2 : oci-add-hooks (ALASNITRO-ENCLAVES-2025-061)
The version of oci-add-hooks installed on the remote host is prior to 0-0.3.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-061 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid...
CVE-2002-2394
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding...
FreeBSD : www/varnish7 -- Request Smuggling Attack (89c668d5-2f80-11f0-9632-641c67a117d8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 89c668d5-2f80-11f0-9632-641c67a117d8 advisory. The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish...
www/varnish7 -- Request Smuggling Attack
The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of incoming HTTP requests with Transfer-Encoding: chunked or without a Content-Length header. An attacker can cause uncontrolled memory allocation on the server b...
HTTP Request Smuggling
h11 is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper input validation in lenient parsing of line terminators in chunked transfer encoding, which can be exploited when combined with a misconfigured proxy...
GHSA-5423-JCJM-2GPV Traefik affected by Go HTTP Request Smuggling Vulnerability
Summary net/http: request smuggling through invalid chunked data: The net/http package accepts data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk...
Important: golang
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...