h2o/h2o-fuzzer-http2: Heap-buffer-overflow in emit_writereq_of_openref

Project: https://github.com/h2o/h2o.git Detailed report: https://oss-fuzz.com/testcase?key=5130696692072448 Project: h2o Fuzzer: aflh2o-fuzzer-http2 Fuzz target binary: h2o-fuzzer-http2 Job Type: aflasanh2o Platform Id: linux Crash Type: Heap-buffer-overflow READ 8 Crash Address: 0x60b0000001c8...

Apache2 mod_http2 header Denial of Service Vulnerability

This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP2 headers. A crafted HTTP2 request can trigger a...

Denial of service

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6332

CVE-2018-6332: A denial-of-service issue in the Proxygen handling of invalid HTTP/2 settings can cause the HHVM Proxygen server to consume disproportionate resources. Affected: HHVM versions 3.24.3 and 3.21.7 and earlier when using the proxygen HTTP/2 handler. Root cause and impact are described ...

PT-2018-17482 · Facebook · Hhvm

Name of the Vulnerable Software and Affected Versions: HHVM versions 3.24.3 and 3.21.7 and below Description: A potential denial-of-service issue exists in the Proxygen handling of invalid HTTP2 settings, causing the server to spend disproportionate resources when handling HTTP2 requests using th...

UBUNTU-CVE-2018-16843

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngxhttpv2module not compiled by default if the 'http2' option of the 'listen' directive is used in a configuratio...

[SECURITY] Fedora 29 Update: mod_http2-1.11.1-1.fc29

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

SUSE SLES12 Security Update : wireshark (SUSE-SU-2018:2891-2)

This update for wireshark to version 2.4.9 fixes the following issues : Wireshark was updated to 2.4.9 bsc1094301, bsc1106514. Security issues fixed : CVE-2018-16058: Bluetooth AVDTP dissector crash wnpa-sec-2018-44 CVE-2018-16056: Bluetooth Attribute Protocol dissector crash wnpa-sec-2018-45...

[SECURITY] Fedora 27 Update: mod_http2-1.11.1-1.fc27

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

[SECURITY] Fedora 28 Update: mod_http2-1.11.1-1.fc28

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

openSUSE Security Update : wireshark (openSUSE-2018-793)

This update for wireshark fixes the following issues : Security issues fixed : - CVE-2018-14342: BGP dissector large loop wnpa-sec-2018-34, boo1101777 - CVE-2018-14344: ISMP dissector crash wnpa-sec-2018-35, boo1101788 - CVE-2018-14340: Multiple dissectors could crash wnpa-sec-2018-36, boo1101804...

Security update for wireshark (moderate)

This update for wireshark fixes the following issues: Security issues fixed: - CVE-2018-14342: BGP dissector large loop wnpa-sec-2018-34, boo1101777 - CVE-2018-14344: ISMP dissector crash wnpa-sec-2018-35, boo1101788 - CVE-2018-14340: Multiple dissectors could crash wnpa-sec-2018-36, boo1101804 -...

Updated wireshark packages fix security vulnerabilities

RPKI-Router infinite loop CVE-2018-7325. MMSE dissector infinite loop CVE-2018-14339. Multiple dissectors could crash CVE-2018-14340. DICOM dissector crash CVE-2018-14341. BGP dissector large loop CVE-2018-14342. ASN.1 BER dissector crash CVE-2018-14343. ISMP dissector crash CVE-2018-14344. Bazaa...

CVE-2018-14369

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression...