12 matches found
CVE-2026-39865
Axios HTTP/2 session cleanup state corruption in Http2Sessions.getSession() (lib/adapters/http.js) is fixed in 1.13.2. Prior to 1.13.2, the cleanup logic could corrupt state when removing sessions from the sessions array, allowing a malicious server to crash the client process via concurrent sess...
CVE-2026-39865 Axios HTTP/2 Session Cleanup State Corruption Vulnerability
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...
CVE-2026-21714
A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...
The vulnerability of the `node::http2::Http2Session::~Http2Session()` function in HTTP/2 server software for Node.js allows attackers to cause service failures.
The vulnerability of the node::http2::Http2Session::Http2Session function in HTTP/2 server-side software for Node.js is related to an uncontrolled resource consumption due to incorrect handling of header termination when processing CONTINUATION frames. Exploiting this vulnerability can allow a...
SUSE CVE-2021-43535
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...
UBUNTU-CVE-2021-43535
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...
Mozilla: Use-after-free in HTTP2 Session object
The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in HTTP2 Session object
The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in HTTP2 Session object
The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in HTTP2 Session object
The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...
Mozilla: Use-after-free in HTTP2 Session object
The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...
Mozilla: Miscellaneous memory safety hazards (rv:45.3) (MFSA 2016-62)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to Http2Session::Shutdown a...