11 matches found
EUVD-2023-1873
Malicious code in bioql PyPI...
nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap
A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...
nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap
A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...
nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap
A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...
CVE-2022-24777
grpc-swift is the Swift language implementation of gRPC, a remote procedure call RPC framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...
Denial of Service via reachable assertion
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...
GHSA-R6WW-5963-7R95 Denial of Service via reachable assertion
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...
Code injection
grpc-swift is the Swift language implementation of gRPC, a remote procedure call RPC framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...
CVE-2022-24777 Denial of Service via reachable assertion in grpc-swift
grpc-swift is the Swift language implementation of gRPC, a remote procedure call RPC framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...
PT-2022-16872 · Unknown · Grpc Swift
Name of the Vulnerable Software and Affected Versions: grpc-swift versions prior to 1.7.2 Description: The issue is a denial of service attack via a reachable assertion, caused by incorrect logic when handling GOAWAY frames. This attack requires minimal resources to construct and send the require...
Apache Tomcat 8.5.x < 8.5.13 Multiple Vulnerabilities
According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.13. It is therefore affected by multiple vulnerabilities : - A flaw exists in the handling of pipelined requests when send file processing is used that results in the pipeline...