11 matches found
Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-125 (ALASDOCKER-2026-125)
The version of runc installed on the remote host is prior to 1.3.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-125 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...
CVE-2026-42926
The connected F5 advisory confirms CVE-2026-42926 affects NGINX Open Source’s ngx_http_proxy_v2_module when proxy_http_version is set to 2 and proxy_set_body is used. The vulnerability allows a remote attacker to inject arbitrary HTTP/2 frame headers and payload bytes into the upstream connection...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
EUVD-2018-18101
Malware in sbrugna...
Important: nodejs
Issue Overview: An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the...
SUSE-SU-2023:0153-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2023-0056: Fixed a server crash that could be triggered via a malformed HTTP/2 frame bsc1207181...
gRPC Swift input validation error vulnerability
gRPC Swift is an open source Swift language implementation of gRPC; it contains a gRPC Swift API and code generator. It provides an API and generated code for gRPC clients and servers and can be built using Xcode or the Swift package manager. A security vulnerability in HTTP2ToRawGRPCServerCodec i...
Design/Logic Flaw
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...
CVE-2018-6343
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...
CVE-2018-6343
CVE-2018-6343 affects Facebook Proxygen. The issue arises when Proxygen fails to validate that a secondary auth manager is set before dereferencing it during parsing of Certificate/CertificateRequest HTTP2 Frames over fizz (TLS 1.3), leading to potential denial of service. Affected versions are v...
PT-2018-17491 · Facebook · Proxygen
Name of the Vulnerable Software and Affected Versions: Proxygen versions v2018.10.29.00 through v2018.11.19.00 Description: The issue is related to the failure of Proxygen to validate that a secondary auth manager is set before dereferencing it, which can cause a denial of service issue. This...