AZL-31296 CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-34686 CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-39603 CVE-2023-44487 affecting package cri-o for versions less than 1.21.7-2

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31317 CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-35282 CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-35350 CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-35441 CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31291 CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-37404 CVE-2023-44487 affecting package golang for versions less than 1.21.6-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-34579 CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-35008 CVE-2023-44487 affecting package moby-engine for versions less than 25.0.3-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31299 CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31297 CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-42750 CVE-2023-44487 affecting package ig for versions less than 0.30.0-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31331 CVE-2023-44487 affecting package multus for versions less than 3.8-12

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-34799 CVE-2023-44487 affecting package helm for versions less than 3.15.2-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial of service vulnerability exists in F5 BIG-IP HTTP/2, which can be exploited by an attacker to cause TMM termination...

PT-2023-6400 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions prior to the fixed version Description: The issue is related to errors in memory release, which can be exploited by a remote attacker to cause a denial of service. When a client-side HTTP/2 profile and the HTTP MRF Router opti...

VulnCheck KEV: CVE-2023-44487

HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack DDoS...

Important: cni-plugins

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send...