AZL-33285 CVE-2023-49295 affecting package coredns for versions less than 1.11.1-5

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

CVE-2023-49295

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

UBUNTU-CVE-2023-49295

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

CVE-2023-49295 quic-go's path validation mechanism can cause denial of service

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

quic-go's path validation mechanism can be exploited to cause denial of service

An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can prevent the receiver from sending out the vast majority of these PATHRESPONSE frames by...

Quic-go Resource Management Error Vulnerability

quic-go is an implementation of the QUIC protocol, RFC 9000, in Go by Lucas Clemente, a private developer. A resource management error vulnerability exists in quic-go, which stems from a potential denial of service when subjected to too many PATHCHALLENGE frames...

PT-2024-2591 · Unknown · Amphp/Http +1

Name of the Vulnerable Software and Affected Versions: amphp/http versions prior to the fixed version amphp/http-client versions 4.0.0-rc10 through 4.0.0 Description: The issue is related to the amphp/http library and its HTTP/2 protocol implementation, specifically with uncontrolled memory...

CVE-2023-6879

A heap-based buffer overflow vulnerability was found in AOM. When increasing the resolution of video frames during a multi-threaded encode, a heap overflow may occur in av1looprestorationdealloc within threadcommon.c, leading to a denial of service or unauthorized reading of memory. Mitigation...

CVE-2023-6879 heap buffer overflow in libaom

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1looprestorationdealloc...

CVE-2023-6879

CVE-2023-6879 is a heap overflow in libaom’s AV1 encoder triggered when increasing the frame resolution during a multi-threaded encode, specifically in av1_loop_restoration_dealloc(). The connected OSV/SUSE entries confirm this issue affects libaom up to at least version 3.7.0 and was fixed in 3....

LibreOffice 7.5 < 7.5.9 / 7.6 < 7.6.4 Arbitrary Script Execution (macOS)

LibreOffice supports hyperlinks. In addition to the typical common protocols such as http/https hyperlinks can also have target URLs that can launch built-in macros or dispatch built-in internal commands. In affected version of LibreOffice there are scenarios where these can be executed without...

kernel: IGB driver inadequate buffer size for frames larger than MTU

A flaw was found in igbconfigurerxring in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue...

CVE-2023-6193

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation RFC 9000 Section 8.2 requires that the recipient of a PATHCHALLENGE frame responds by sending a PATHRESPONSE. ...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

Hitachi Energy RTU500 跨站脚本漏洞

Hitachi Energy RTU500 is a series of industrial control components from Hitachi, Japan. A denial of service vulnerability exists in Hitachi Energy RTU500 series CMU Firmware, which arises from an incomplete or incorrect layout of received APDU frames, and can be exploited by an attacker to cause ...

Important: kernel-livepatch-5.10.192-183.736

Issue Overview: An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. CVE-2023-45871 A use-after-free vulnerability in the Linux kernel's netfilter: nftables compone...

Important: kernel-livepatch-4.14.322-246.539

Issue Overview: An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. CVE-2023-45871 Affected Packages: kernel-livepatch-4.14.322-246.539 Issue Correction: Please...

USN-6495-2 linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Manfred Rudigier discovered that the IntelR PCI-Express Gigab...

CVE-2023-2265

An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more...

CVE-2023-2265

The CVE-2023-2265 vulnerability affects Schweitzer Engineering Laboratories SEL-411L. Affected revisions span multiple firmware lines (R118 through R129 with various V0–V5 ranges). The issue is an improper restriction of rendered UI layers or frames, which could allow an unauthenticated attacker ...