OESA-2023-1082 golang security update

The Go Programming Language Security Fixes: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very...

OESA-2023-1080 golang security update

The Go Programming Language Security Fixes: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very...

F5 BIG-IP 资源管理错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP HTTP/2 profile, when enabling the client HTTP/2 profile and HTTP MR...

The vulnerability of the HTTP/3 network protocol implementation in Microsoft Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the HTTP/3 network protocol implementation in Microsoft Windows systems is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

httpd: NULL pointer dereference via crafted request during HTTP/2 request processing

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

httpd: NULL pointer dereference via crafted request during HTTP/2 request processing

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

PT-2022-24859 · Traefik +1 · Traefik +1

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.8.8 Traefik versions prior to 2.9.0-rc5 Description: There is a potential issue in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. Thi...

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

...

PT-2022-4659

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.18.6 Go versions 1.19.x prior to 1.19.1 Description The issue is related to the net/http package in Go, where an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error, leading to a denial ...

PT-2022-13755 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A flaw was found in Undertow, related to flow control handling by the browser over HTTP/2, which may cause overhead or a denial of service in the server. This issue is due to an incomplete...

DEBIAN-CVE-2022-25763

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

netty: possible request smuggling in HTTP/2 due missing validation

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

CVE-2022-29631

Removed by vendor...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel web...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel...

GHSA-68G5-8Q7F-M384 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL...

PT-2022-13302 · Apple · Swift-Nio-Http2

Name of the Vulnerable Software and Affected Versions: swift-nio-http2 versions 1.0.0 through 1.19.2 Description: A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logic...

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

PT-2022-1791 · Microsoft +5 · Net 5.0 +7

Name of the Vulnerable Software and Affected Versions: .NET 6.0 versions 6.0.0 through 6.0.1 .NET 5.0 versions 5.0.0 through 5.0.13 Description: A Denial of Service issue exists in .NET 6.0 and .NET 5.0 when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. This is due to...

varnish: HTTP/1 request smuggling vulnerability

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an additional request...