44 matches found
MGASA-2026-0250 Updated haproxy packages fix security vulnerability
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...
USN-8459-1: HAProxy vulnerabilities
It was discovered that HAProxy incorrectly handled the FCGI demultiplexer record length field. A remote attacker could possibly use this issue to cause incorrect request routing, response smuggling, or other memory safety issues. CVE-2026-55203 It was discovered that HAProxy failed to validate th...
CVE-2026-55204
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...
EUVD-2024-48194
Malicious code in bioql PyPI...
SUSE: Security Advisory (SUSE-SU-2024:4401-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend
A flaw was found in Google gRPC due to HPACK table poisoning between the proxy and backend so that other clients see failed requests, resulting in a denial of service. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent...
SUSE-SU-2024:4436-1 Security update for grpc
This update for grpc fixes the following issues: - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-grpcio (SUSE-SU-2024:4429-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4429-1 advisory. - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 -...
SUSE SLES15 Security Update : python-grpcio (SUSE-SU-2024:4428-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4428-1 advisory. - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 - CVE-2024-7246: HPACK table poisoning by...
SUSE-SU-2024:4429-1 Security update for python-grpcio
This update for python-grpcio fixes the following issues: - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919...
SUSE-SU-2024:4428-1 Security update for python-grpcio
This update for python-grpcio fixes the following issues: - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919...
SUSE SLES15 / openSUSE 15 Security Update : python-grpcio (SUSE-SU-2024:4393-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4393-1 advisory. - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 - CVE-2024-7246: HPACK table...
openSUSE Security Advisory (SUSE-SU-2024:4393-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:4401-1 Security update for grpc
This update for grpc fixes the following issues: - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821...
SUSE-SU-2024:4400-1 Security update for grpc
This update for grpc fixes the following issues: - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821...
SUSE-SU-2024:4393-1 Security update for python-grpcio
This update for python-grpcio fixes the following issues: - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919...
Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2024-769)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-769 advisory. It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this...
Important: Red Hat Security Advisory: rhc-worker-playbook security update
An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Information Disclosure
libgrpc.so is vulnerable to Information Disclosure. The vulnerability is due to an error status for a misencoded header not cleared between header reads, resulting in subsequent incrementally indexed added headers in the first request being poisoned until cleared from the HPACK table. This can be...
CVE-2024-7246
A flaw was found in Google gRPC due to HPACK table poisoning between the proxy and backend so that other clients see failed requests, resulting in a denial of service. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent...