23 matches found
JLSEC-2026-20
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
EUVD-2022-52907
Malicious code in bioql PyPI...
CVE-2024-47609
A flaw was found in the hyperium/tonic package. In certain conditions, it may be possible for a remote attacker to cause the application to terminate upon accepting a TCP/TLS stream, which may lead to a denial of service...
RUSTSEC-2024-0003 Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out ...
SUSE SLED15 / SLES15 Security Update : gstreamer-plugins-rs (SUSE-SU-2024:0090-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0090-1 advisory. - CVE-2022-31394: Fixed a potential denial of service in the HTTP/2 implementation bsc1208556. Tenable has extracted the preceding description block...
RUSTSEC-2023-0034 Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
If an attacker is able to flood the network with pairs of HEADERS/RSTSTREAM frames, such that the h2 application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use,...
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
If an attacker is able to flood the network with pairs of HEADERS/RSTSTREAM frames, such that the h2 application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use,...
Amazon Linux 2 : aws-nitro-enclaves-cli (ALASNITRO-ENCLAVES-2023-021)
The version of aws-nitro-enclaves-cli installed on the remote host is prior to 1.2.2-0. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-021 advisory. Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H...
Important: aws-nitro-enclaves-cli
Issue Overview: Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. CVE-2022-31394 Affected Packages: aws-nitro-enclaves-cli Note: This advisory is applicable to Amazon Linux 2 ...
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software allowing attackers to perform HTTP2 attacks.
...
SUSE CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
DEBIAN-CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
Design/Logic Flaw
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
UBUNTU-CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
Hyperium Hyper security vulnerability
hyperium hyper is an open source HTTP library for Rust. It is intended to be a building block for libraries and applications. A security vulnerability exists in Hyperium Hyper prior to version 0.14.19. An attacker exploited the vulnerability to perform HTTP2 attacks...