1327 matches found
AZL-39892 CVE-2023-45288 affecting package git-lfs for versions less than 3.5.1-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39514 CVE-2023-45288 affecting package telegraf for versions less than 1.29.4-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38209 CVE-2023-45288 affecting package skopeo for versions less than 1.14.4-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38581 CVE-2023-45288 affecting package git-lfs for versions less than 3.6.1-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39235 CVE-2023-45288 affecting package kubernetes for versions less than 1.28.4-7
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39022 CVE-2023-45288 affecting package ig for versions less than 0.29.0-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39217 CVE-2023-45288 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38608 CVE-2023-45288 affecting package libcontainers-common for versions less than 20240213-2
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38173 CVE-2023-45288 affecting package kubernetes for versions less than 1.30.1-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39484 CVE-2023-45288 affecting package etcd for versions less than 3.5.12-2
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38392 CVE-2023-45288 affecting package coredns for versions less than 1.11.1-2
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39154 CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
ALPINE-CVE-2024-27316
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...
AZL-43978 CVE-2024-27316 affecting package mod_http2 1.15.14-2
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...
Degradation of service in h2 servers with CONTINUATION Flood
An attacker can send a flood of CONTINUATION frames, causing h2 to process them indefinitely. This results in an increase in CPU usage. Tokio task budget helps prevent this from a complete denial-of-service, as the server can still respond to legitimate requests, albeit with increased latency. Mo...
PT-2024-2622
Vulnerability Report Name of the Vulnerable Software and Affected Versions: Node.js versions 18.x, 20.x, and 21.x corepack20-20.12.1-1.1 corepack21-21.7.2-1.1 OpenSUSE affected versions not specified MosOS affected versions not specified Alma Linux affected versions not specified Rocky Linux...
Important: tomcat9
Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...
The vulnerability of the Go programming language-based http2 package, which allows a hacker to trigger a service failure
The vulnerability of the Go programming language’s http2 package is related to unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service failures...
USN-6718-2 curl vulnerability
USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote...
USN-6718-1 curl vulnerabilities
Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. CVE-2024-2004 It was discovered that curl incorrectly handled memory when limiti...