1391 matches found

Tenable Nessus
added 2023/03/21 12:0 a.m. | 46 views

Amazon Linux 2023 : aws-nitro-enclaves-cli, aws-nitro-enclaves-cli-devel, aws-nitro-enclaves-cli-integration-tests (ALAS2023-2023-129)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-129 advisory. Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. CVE-2022-31394 Tenable has...

CVSS 7.5 | AI score 7.7 | EPSS 0.00348
Exploits: 1 | References: 4
OSV
added 2023/02/28 6:15 p.m. | 4 views

AZL-37481 CVE-2022-41723 affecting package golang for versions less than 1.21.6-1

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 6.7 | EPSS 0.00226
Exploits: 0 | References: 1
OSV
added 2023/02/28 6:15 p.m. | 1 views

AZL-34543 CVE-2022-41723 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-2

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 6.7 | EPSS 0.00226
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/23 3:18 a.m. | 1 views

SUSE CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVSS 5.3 | AI score 6.9 | EPSS 0.00348
Exploits: 1 | References: 8
Rockylinux
added 2023/02/22 1:8 a.m. | 30 views

curl bug fix and enhancement update

An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The curl packages provide the libcurl library and the curl utility for downloadi...

AI score 0.6
Exploits: 0
F5 Networks
added 2023/02/21 6:53 p.m. | 71 views

K18364001: Node.js vulnerability CVE-2017-15896

Security Advisory Description: Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS...

CVSS 9.1 | AI score 6.8 | EPSS 0.0008
Exploits: 1
F5 Networks
added 2023/02/21 6:53 p.m. | 35 views

K34369533: Node.js vulnerability CVE-2018-7161

Security Advisory Description: All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner th...

CVSS 7.8 | AI score 7.6 | EPSS 0.01023
Exploits: 0
F5 Networks
added 2023/02/21 6:46 p.m. | 48 views

K79933541: HTTP2 profile vulnerability CVE-2022-35236

Security Advisory Description: When an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. CVE-2022-35236 Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This...

CVSS 7.5 | AI score 7.3 | EPSS 0.00647
Exploits: 0 | Affected Software: 13
OSV
added 2023/02/21 2:15 p.m. | 23 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVSS 7.5 | AI score 7.5
Exploits: 0 | References: 3
OSV
added 2023/02/21 2:15 p.m. | 3 views

AZL-61516 CVE-2022-31394 affecting package rust for versions less than hyper-0.14.25

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVSS 7.5 | AI score 7.1 | EPSS 0.00348
Exploits: 1 | References: 1
OSV
added 2023/02/21 2:15 p.m. | 4 views

AZL-13685 CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-4

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVSS 7.5 | AI score 7.1 | EPSS 0.00348
Exploits: 1 | References: 1
NVD
added 2023/02/21 2:15 p.m. | 16 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVSS 7.5 | AI score 7.6 | EPSS 0.00348
Exploits: 1 | References: 3
Prion
added 2023/02/21 2:15 p.m. | 15 views

Design/Logic Flaw

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVSS 5 | AI score 7.4 | EPSS 0.00348
Exploits: 1 | References: 3 | Affected Software: 1
UbuntuCve
added 2023/02/21 2:15 p.m. | 27 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVSS 7.5 | AI score 7.1 | EPSS 0.00348
Exploits: 1 | References: 4
Debian CVE
added 2023/02/21 12:0 a.m. | 28 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVSS 7.5 | AI score 7.4 | EPSS 0.00348
Exploits: 1
Cvelist
added 2023/02/21 12:0 a.m. | 20 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

AI score 7.8 | EPSS 0.00348
Exploits: 1 | References: 3
CVE
added 2023/02/21 12:0 a.m. | 81 views

CVE-2022-31394

CVE-2022-31394 affects the Hyperium Hyper HTTP/2 stack in the Hyper crate before 0.14.19, where the max_header_list_size customization is blocked, enabling HTTP/2 attacks. Affected products use Hyper prior to 0.14.19; advisories and open-source references (e.g., Hyper PRs and SUSE advisories) ind...

CVSS 7.5 | AI score 7.4 | EPSS 0.00348
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2023/02/21 12:0 a.m. | 3 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

AI score 7.5 | EPSS 0.00348
Exploits: 1 | References: 3
Tenable Nessus
added 2023/02/19 12:0 a.m. | 28 views

FreeBSD : traefik -- Use of vulnerable Go module x/net/http2 (428922c9-b07e-11ed-8700-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 428922c9-b07e-11ed-8700-5404a68ad561 advisory. - A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the bo...

CVSS 7.5 | AI score 7.1 | EPSS 0.00074
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 5:8 a.m. | 2 views

SUSE CVE-2016-1546

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows...

CVSS 5.9 | AI score 9.3 | EPSS 0.41505
Exploits: 0 | References: 3