Lucene search
K

113 matches found

OSV
OSV
added 2024/05/10 11:7 a.m.6 views

OESA-2024-1530 ignition security update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...

7.5CVSS6.7AI score0.04561EPSS
Exploits0References2
OSV
OSV
added 2024/05/10 11:7 a.m.3 views

OESA-2024-1529 ignition security update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...

7.5CVSS6.7AI score0.04561EPSS
Exploits0References2
OSV
OSV
added 2024/04/26 11:7 a.m.3 views

OESA-2024-1503 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...

7.5CVSS6.8AI score0.04561EPSS
Exploits0References2
OSV
OSV
added 2024/04/26 11:7 a.m.2 views

OESA-2024-1504 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...

7.5CVSS6.8AI score0.04561EPSS
Exploits0References2
OSV
OSV
added 2024/04/05 3:6 p.m.4 views

GHSA-W7HM-HMXV-PVHF HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

7.5CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2024/04/04 9:15 p.m.4 views

AZL-38785 CVE-2023-45288 affecting package azcopy for versions less than 10.25.1-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 3:15 p.m.7 views

AZL-39460 CVE-2024-28182 affecting package nghttp2 for versions less than 1.57.0-2

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

5.3CVSS6.9AI score0.8496EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/11/14 4:3 p.m.3 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS6.6AI score0.04561EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2023/11/07 8:52 a.m.8 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS6.6AI score0.04561EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2023/11/07 8:39 a.m.4 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5CVSS6.6AI score0.04561EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2023/10/31 12:0 a.m.4 views

The vulnerability of the HPACK decoder in the Golang programming language, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the HPACK decoder in the Golang programming language is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a local attacker to cause service failures...

7.8CVSS6.5AI score0.04561EPSS
Exploits0References15Affected Software31
RustSec
RustSec
added 2023/09/15 12:0 p.m.5 views

HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.9 views

PT-2023-25881 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions 4.9 and prior Description: Contiki-NG is an operating system for internet-of-things devices. The issue arises during IPHC header decompression when processing IPv6 header fields. Specifically, the system fails to check if...

5.3CVSS5.1AI score0.00386EPSS
Exploits0References4
Amazon
Amazon
added 2023/09/07 12:0 a.m.5 views

Important: amazon-ecr-credential-helper

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: amazon-ecr-credential-helper Issue Correction: Run dnf update amazon-ecr-credential-helper --releasever 2023.1.20230906 or dnf update --advisory ALAS2023-2023-337 --releasever 2023.1.202309...

7.5CVSS6.7AI score0.04561EPSS
Exploits0
OSV
OSV
added 2023/08/09 1:15 p.m.6 views

AZL-39394 CVE-2023-33953 affecting package python-tensorboard for versions less than 2.11.0-2

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References1
OSV
OSV
added 2023/08/09 1:15 p.m.1 views

DEBIAN-CVE-2023-33953

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...

7.5CVSS7.8AI score0.00412EPSS
Exploits0References1
OSV
OSV
added 2023/07/05 7:12 p.m.4 views

GHSA-CFGP-2977-2FMM Connection confusion in gRPC

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

7.4CVSS6.8AI score0.00502EPSS
Exploits0References9
OSV
OSV
added 2023/06/09 11:15 a.m.3 views

UBUNTU-CVE-2023-32731

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

7.5CVSS6.9AI score0.00502EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.3 views

gRPC 安全漏洞

gRPC is a modern, open source, high-performance Remote Procedure Call RPC framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from the fact that when the gRPC HTTP2 stack throws a header size exceeded error, it skips parsing the rest of the HPACK frame. This causes...

7.5CVSS7.5AI score0.00502EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/06 8:36 a.m.4 views

curl: HTTP multi-header compression denial of service

A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors...

6.5CVSS6.8AI score0.01703EPSS
Exploits1References5
Rows per page
Query Builder