JLSEC-2026-20

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

EUVD-2022-52907

Malicious code in bioql PyPI...

CVE-2024-47609

A flaw was found in the hyperium/tonic package. In certain conditions, it may be possible for a remote attacker to cause the application to terminate upon accepting a TCP/TLS stream, which may lead to a denial of service...

RUSTSEC-2024-0003 Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out ...

SUSE SLED15 / SLES15 Security Update : gstreamer-plugins-rs (SUSE-SU-2024:0090-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:0090-1 advisory. - Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to...

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

If an attacker is able to flood the network with pairs of HEADERS/RSTSTREAM frames, such that the h2 application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use,...

RUSTSEC-2023-0034 Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

If an attacker is able to flood the network with pairs of HEADERS/RSTSTREAM frames, such that the h2 application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use,...

Amazon Linux 2 : aws-nitro-enclaves-cli (ALASNITRO-ENCLAVES-2023-021)

The version of aws-nitro-enclaves-cli installed on the remote host is prior to 1.2.2-0. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-021 advisory. Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H...

Important: aws-nitro-enclaves-cli

Issue Overview: Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. CVE-2022-31394 Affected Packages: aws-nitro-enclaves-cli Note: This advisory is applicable to Amazon Linux 2 ...

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software allowing attackers to perform HTTP2 attacks.

...

SUSE CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

DEBIAN-CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

Design/Logic Flaw

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

UBUNTU-CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVE-2022-31394

CVE-2022-31394 affects the Hyperium Hyper HTTP/2 stack in the Hyper crate before 0.14.19, where the max_header_list_size customization is blocked, enabling HTTP/2 attacks. Affected products use Hyper prior to 0.14.19; advisories and open-source references (e.g., Hyper PRs and SUSE advisories) ind...