Lucene search

3142 matches found

BDU FSTEC
added 2024/10/07 12:0 a.m. · 4 views

The vulnerability of the hci_codec component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the hci_codec component in the Linux operating system’s kernel is related to the lack of memory release after the effective lifespan of the component has ended. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.2 · EPSS 0.00238
Exploits 0 · References 13 · Affected Software 4

OSV
added 2024/09/21 7:10 a.m. · 8 views

BIT-ENVOY-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

CVSS 7.5 · AI score 7.5 · EPSS 0.00475
Exploits 0 · References 2

RedhatCVE
added 2024/09/20 5:41 a.m. · 18 views

CVE-2024-45807

A flaw was found in Envoy. Affected versions of Envoy are using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this issue, Envoy will switch off the oghttp2 by default. This issue may cause envoy to crash. Mitigation Mitigation fo...

CVSS 7.5 · AI score 6.8 · EPSS 0.00475
Exploits 0 · References 4

NVD
added 2024/09/20 12:15 a.m. · 41 views

CVE-2024-45807

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

CVSS 7.5 · EPSS 0.00475
Exploits 0 · References 1

Cvelist
added 2024/09/19 11:34 p.m. · 39 views

CVE-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

CVSS 7.5 · EPSS 0.00475
Exploits 0 · References 1

Vulnrichment
added 2024/09/19 11:34 p.m. · 13 views

CVE-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

CVSS 7.5 · AI score 7.5 · EPSS 0.00475
Exploits 0 · References 1

OSV
added 2024/09/19 11:34 p.m. · 14 views

CVE-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

CVSS 7.5 · AI score 7.4 · EPSS 0.00475
Exploits 0 · References 3

CVE
added 2024/09/19 11:34 p.m. · 50 views

CVE-2024-45807

CVE-2024-45807 affects Envoy 1.31.x where the default HTTP/2 codec is the oghttp implementation. The issue stems from bugs in stream management within oghttp2, which can cause Envoy to crash. A fix is available: upgrade to 1.31.2 (addressed in multiple advisories). Workarounds include disabling o...

CVSS 7.5 · AI score 7.5 · EPSS 0.00475
Exploits 0 · References 1 · Affected Software 1

vulnersOsv
added 2024/09/19 2:49 p.m. · 8 views

de.gematik.bbriccs:bricks-integration-coverage (=0.1.9), de.gematik.bbriccs:fd-fhir-client-brick (=0.1.9) +18 more potentially affected by CVE-2024-46984 via de.gematik.refv.commons:commons (>=0.1.3 <=2.5.0)

de.gematik.refv.commons:commons MAVEN version =0.1.3, =0.1.9, =0.1.9, =2.1.0, =1.0.0, =0.6.0, =0.3.0, =0.1.3, =0.5.0, =0.5.0, =0.4.1, =0.1.3, =0.3.0 and more Source cves: CVE-2024-46984 Source advisory: OSV:GHSA-68J8-FP38-P48Q...

CVSS 9.8 · AI score 5.4 · EPSS 0.00628
Exploits 0

Positive Technologies
added 2024/09/19 12:0 a.m. · 4 views

PT-2024-31787 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.31 through 1.31.1 Description: Envoy is a cloud-native high-performance edge/middle/service proxy. In version 1.31, Envoy is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in t...

CVSS 7.5 · AI score 7 · EPSS 0.00475
Exploits 0 · References 14

Tenable Nessus
added 2024/09/18 12:0 a.m. · 24 views

openSUSE 15 Security Update : gstreamer-plugins-bad (openSUSE-SU-2024:0305-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0305-1 advisory. Adding references for already fixed vulnerability: - CVE-2023-50186: Fixed heap-based buffer overflow in the AV1 codec parser ZDI-CAN-22300,...

CVSS 8.8 · AI score 7.4 · EPSS 0.02189
Exploits 0 · References 14

OSV
added 2024/09/17 12:54 a.m. · 20 views

RLSA-2024:5941 Moderate: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow related to VP9 encoding CVE-2023-6349 libvpx: Integer overflow in vpx_img_alloc...

CVSS 7.1 · AI score 7.3 · EPSS 0.00814
Exploits 2 · References 3

BDU FSTEC
added 2024/09/13 12:0 a.m. · 3 views

The vulnerability of the `mc_chroma` function in the `motion.cc` component of the h.265 Libde265 video codec implementation, related to writing beyond buffer boundaries, allows a hacker to cause a service failure.

The vulnerability of the `mc_chroma` function in the `motion.cc` component of the H.265 Libde265 video codec implementation is related to writing beyond buffer boundaries. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially created video file...

CVSS 7.8 · AI score 7 · EPSS 0.00844
Exploits 2 · References 11 · Affected Software 6

BDU FSTEC
added 2024/09/13 12:0 a.m. · 4 views

The vulnerability of FLAC files in the Gstreamer multimedia framework, related to integer overflow or cyclic transitions, allows attackers to execute arbitrary code.

The vulnerability of the FLAC file format used by the Gstreamer multimedia framework is related to integer overflow or cyclic redundancy checks. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9 · AI score 7.1 · EPSS 0.01537
Exploits 0 · References 9 · Affected Software 5

RedHat Linux
added 2024/09/12 3:5 p.m. · 3 views

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

CVSS 5.3 · AI score 7.2 · EPSS 0.0138
Exploits 1 · References 8

RedHat Linux
added 2024/09/12 3:5 p.m. · 29 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Migration Toolkit for Runtimes 1.2.7 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 5.3 · AI score 6.6 · EPSS 0.0138
Exploits 1 · References 3

Debian
added 2024/09/07 7:13 p.m. · 8 views

[SECURITY] [DLA 3881-1] aom security update

Debian LTS Advisory DLA-3881-1 · https://www.debian.org/lts/security/ · Adrian Bunk · September 07, 2024 · https://wiki.debian.org/LTS ...

CVSS 10 · AI score 6.5 · EPSS 0.01254
Exploits 1

Tenable Nessus
added 2024/09/07 12:0 a.m. · 22 views

Debian dla-3881 : aom-tools - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3881 advisory. Debian LTS Advisory DLA-3881-1 · https://www.debian.org/lts/security/...

CVSS 10 · AI score 7.4 · EPSS 0.01254
Exploits 1 · References 4

Debian
added 2024/08/21 8:50 a.m. · 11 views

[SECURITY] [DSA 5753-1] aom security update

Debian Security Advisory DSA-5753-1 · https://www.debian.org/security/ · Moritz Muehlenhoff · August 21, 2024 · https://www.debian.org/security/faq ...

CVSS 10 · AI score 7.2 · EPSS 0.01254
Exploits 1

Tenable Nessus
added 2024/08/21 12:0 a.m. · 29 views

Debian dsa-5753 : aom-tools - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5753 advisory. Debian Security Advisory DSA-5753-1 · https://www.debian.org/security/ · Moritz...

CVSS 10 · AI score 8 · EPSS 0.01254
Exploits 1 · References 4