54 matches found
CVE-2019-16239
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes...
EUVD-2019-7046
Malware in sbrugna...
EUVD-2002-2372
Malware in sbrugna...
EUVD-2022-36266
Malicious code in bioql PyPI...
CVE-2022-33223
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding...
Medium: amazon-ecr-credential-helper
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...
RHEL 9 : skopeo (RHSA-2024:1149)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1149 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...
Important: docker
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
RHEL 8 / 9 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Medium: golang
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
CLSA-2023-1700211046 squid: Fix of 2 CVEs
CVE-2023-46846: Improve HTTP chunked encoding compliance - CVE-2023-46847: Fix stack buffer overflow when parsing Digest Authorization...
squid:4 security update
libecap squid 4.15-6.0.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847...
squid security update
7:5.5-5.el92.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847 - Fix userinfo percent-encoding CVE-2023-46848...
Null pointer dereference
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding...
CVE-2022-33223 Null pointer dereference in Modem
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding...
SUSE: Security Advisory (SUSE-SU-2017:2130-1)
The remote host is missing an update for the...
CVE-2020-28926
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
Ubuntu: Security Advisory (USN-4565-1)
The remote host is missing an update for the...