
664 matches found

AlpineLinux
added 2024/04/04 8:37 p.m. | 94 views

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 | AI score 8.3 | EPSS 0.91969
Exploits: 1
Cvelist
added 2024/04/04 7:41 p.m. | 39 views

CVE-2024-30255 HTTP/2: CPU exhaustion due to CONTINUATION frame flood

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of...

CVSS 5.3 | AI score 5.8 | EPSS 0.8781
Exploits: 1 | References: 3
Vulnrichment
added 2024/04/04 7:41 p.m. | 25 views

CVE-2024-30255 HTTP/2: CPU exhaustion due to CONTINUATION frame flood

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of...

CVSS 5.3 | AI score 6.7 | EPSS 0.8781
Exploits: 1 | References: 3
OSV
added 2024/04/04 7:41 p.m. | 8 views

CVE-2024-30255 HTTP/2: CPU exhaustion due to CONTINUATION frame flood

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of...

CVSS 5.3 | AI score 6.8 | EPSS 0.8781
Exploits: 1 | References: 6
OSV
added 2024/04/04 3:15 p.m. | 5 views

AZL-38728 CVE-2024-28182 affecting package cmake for versions less than 3.29.6-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.7 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 4 views

AZL-38881 CVE-2024-28182 affecting package nodejs for versions less than 20.14.0-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.7 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 7 views

AZL-56113 CVE-2024-28182 affecting package fluent-bit for versions less than 3.0.6-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.7 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 3 views

AZL-39115 CVE-2024-28182 affecting package cmake for versions less than 3.21.4-14

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 7.2 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 3 views

AZL-42099 CVE-2024-28182 affecting package fluent-bit for versions less than 3.1.9-2

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.7 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 6 views

AZL-39520 CVE-2024-28182 affecting package rust for versions less than 1.68.0-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.9 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 6 views

AZL-39460 CVE-2024-28182 affecting package nghttp2 for versions less than 1.57.0-2

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.9 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 3 views

AZL-39148 CVE-2024-28182 affecting package nodejs18 for versions less than 18.20.3-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.7 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 5 views

AZL-38719 CVE-2024-28182 affecting package rust for versions less than 1.75.0-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.7 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 4 views

AZL-38995 CVE-2024-28182 affecting package nghttp2 for versions less than 1.61.0-1

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.7 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 6 views

DEBIAN-CVE-2024-28182

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.9 | EPSS 0.8496
Exploits: 1 | References: 1
OSV
added 2024/04/04 3:15 p.m. | 5 views

UBUNTU-CVE-2024-28182

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 6.8 | EPSS 0.8496
Exploits: 1 | References: 6
Vulnrichment
added 2024/04/04 2:41 p.m. | 36 views

CVE-2024-28182 Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 5.4 | EPSS 0.8496
Exploits: 1 | References: 8
Cvelist
added 2024/04/04 2:41 p.m. | 33 views

CVE-2024-28182 Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 | AI score 5.8 | EPSS 0.8496
Exploits: 1 | References: 8
Vulnrichment
added 2024/04/04 2:30 p.m. | 44 views

CVE-2024-27919 HTTP/2: memory exhaustion due to CONTINUATION frame flood

Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an...

CVSS 7.5 | AI score 7.1 | EPSS 0.86746
Exploits: 1 | References: 4
RedhatCVE
added 2024/04/04 1:6 p.m. | 19 views

CVE-2024-2758

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately...

AI score 7 | EPSS 0.7275
Exploits: 0 | References: 4