455 matches found
Exploit for CVE-2026-49975
CVE-2026-49975 — HTTP/2 Bomb PoC !CVEhttps://img.shields...
PT-2026-45945
Name of the Vulnerable Software and Affected Versions nginx affected versions not specified Apache affected versions not specified IIS affected versions not specified Envoy affected versions not specified Pingora affected versions not specified Description The HTTP/2 Bomb is a remote Denial of...
Astra Linux - уязвимость в qtbase-opensource-src
A issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. There is an incorrect HPack integer overflow check in network/access/http2/hpacktable.cpp...
Astra Linux - уязвимость в golang-golang-x-net, golang-1.19
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, enough to trigger a denial of service due to a small number of small requests...
Astra Linux - уязвимость в nodejs
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
Ubuntu 22.04 LTS / 24.04 LTS : Go Networking vulnerabilities (USN-8089-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8089-1 advisory. Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could ha...
USN-8089-1: Go Networking vulnerabilities
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could hang during shutdown if preempted by a fatal error. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LT...
USN-8089-1 golang-golang-x-net vulnerabilities
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could hang during shutdown if preempted by a fatal error. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LT...
SUSE SLED15 / SLES15 Security Update : grpc (SUSE-SU-2026:0840-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0840-1 advisory. This update for grpc fixes the following issue: - CVE-2023-33953: unbounded memory and CPU consumption in the HPACK...
Security update for grpc
This update for grpc fixes the following issue: CVE-2023-33953: unbounded memory and CPU consumption in the HPACK parser leads to remote DoS bsc1214148. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:0840-1 Security update for grpc
This update for grpc fixes the following issue: - CVE-2023-33953: unbounded memory and CPU consumption in the HPACK parser leads to remote DoS bsc1214148...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
Security update for nodejs22
This update for nodejs22 fixes the following issues: Security fixes: CVE-2026-22036: Fixed unbounded decompression chain in HTTP response leading to resource exhaustion bsc1256848 CVE-2026-21637: Fixed synchronous exceptions thrown during callbacks that bypass TLS error handling and causing denia...
BIT-NODE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...