1391 matches found
GHSA-W3F6-PC54-GFW7 swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. There are a number of...
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logica...
Fedora 37 : clevis-pin-tpm2 / greetd / keyring-ima-signer / libkrun / etc (2023-37ae269843)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-37ae269843 advisory. Recent updates for the tokio, h2, and openssl crates addressed some potential or confirmed security or soundness issues: - tokio: RUSTSEC-2023-0005 - h2:...
RHEL 8 : go-toolset:rhel8 (RHSA-2023:3083)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3083 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/tls...
CVE-2022-40482
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...
SUSE SLES15 / openSUSE 15 Security Update : aws-nitro-enclaves-cli (SUSE-SU-2023:1844-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1844-1 advisory. - regex is an implementation of regular expressions for the Rust language. The regex crate features built-in...
CVE-2023-26964
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS)...
DEBIAN-CVE-2023-26964
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS)...
Design/Logic Flaw
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS)...
UBUNTU-CVE-2023-26964
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS)...
NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2023-0009)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, t...
CVE-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, there is a possibility that non-compliant HTTP/1 service may allow malformed request...
Amazon Linux 2 : aws-nitro-enclaves-cli (ALASNITRO-ENCLAVES-2023-021)
The version of aws-nitro-enclaves-cli installed on the remote host is prior to 1.2.2-0. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-021 advisory. Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H...
Important: aws-nitro-enclaves-cli
Issue Overview: Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. CVE-2022-31394 Affected Packages: aws-nitro-enclaves-cli Issue Correction: Run dnf update...