156 matches found
PT-2022-19321 · Unknown · Fisco-Bcos
Name of the Vulnerable Software and Affected Versions: FISCO-BCOS version release-3.0.0-rc2 Description: The issue allows a malicious node to cause normal nodes to stop producing new blocks and processing new clients' requests by sending an invalid proposal with an invalid header. Recommendations...
Netty 环境问题漏洞
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty An environment issue vulnerability exists that stems from the fact that Netty is an asynchronous event-driven web...
HTTP Request Smuggling in github.com/hyperledger/fabric
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
CVE-2021-43669
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
Hyperledger Fabric 环境问题漏洞
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used for developing solutions and applications. A security vulnerability exists in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0, which can be exploited by an attacker by constructing a message whose header is...
CVE-2021-33056
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
netty: HTTP request smuggling
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
netty: HTTP request smuggling
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...
CVE-2020-9308
archivereadsupportformatrar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header such as a header size of zero, leading to a SIGSEGV or possibly unspecified other impact...
ALPINE-CVE-2020-9308
archivereadsupportformatrar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header such as a header size of zero, leading to a SIGSEGV or possibly unspecified other impact...
Waitress denial of service vulnerability
Waitress is a WSGI Web Server Gateway Interface server for Python. A denial of service vulnerability exists in Waitress, which can be exploited to cause a denial of service by sending specially designed headers containing invalid characters that consume all available CPU resources...
CVE-2020-5236
Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and...
CVE-2020-5236
CVE-2020-5236 affects the Python WSGI server waitress. A flaw in the regex used to validate incoming HTTP headers allows catastrophic backtracking when headers contain invalid characters (e.g., Bad-header: xxxxxxxxxxxxxxx\x10), causing the server to hit 100% CPU and deny service. The issue was in...
PYSEC-2019-68
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
libjpeg-turbo Denial of Service Vulnerability
libjpeg is a C language library for processing image data in JPEG format. The product includes JPEG decoding, JPEG encoding and other JPEG functions. libjpeg-turbo is an optimized and improved version of libjpeg. A security vulnerability exists in libjpeg-turbo version 2.0.2. An attacker could...
Buffer overflow
Buffer overflow can occur if invalid header tries to overwrite the existing buffer which fix size allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
CVE-2019-2248
CVE-2019-2248 describes a buffer overflow that can occur when an invalid header overwrites an existing buffer with a fixed-size allocation, affecting a wide range of Qualcomm Snapdragon products (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon IoT/Wearables, Snapdragon 615/16, 625, 820/820...