Lucene search
+L

24 matches found

RedhatCVE
RedhatCVE
added 2023/02/09 9:20 p.m.50 views

CVE-2022-2879

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...

6.5CVSS7.4AI score0.01544EPSS
Exploits0References5
OSV
OSV
added 2022/10/14 12:0 a.m.23 views

CVE-2022-2879 Unbounded memory consumption when reading headers in archive/tar

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.9AI score0.01544EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/11 12:0 a.m.14 views

Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3f6-pc54-gfw7. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...

7.5CVSS7.2AI score0.01119EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/02/09 10:5 p.m.23 views

CVE-2022-24667

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...

7.5CVSS6.9AI score0.01119EPSS
Exploits0References3
Rows per page
Query Builder