187 matches found
AZL-56476 CVE-2025-23085 affecting package nodejs18 for versions less than 18.20.3-3
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
DEBIAN-CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
UBUNTU-CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
tomcat: request smuggling
A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack...
tomcat: request smuggling
A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack...
SUSE CVE-2009-0033
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...
SUSE CVE-2018-19158
ColossusCoinXT through 1.0.5 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...
DEBIAN-CVE-2022-42252
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...
Improper Input Validation
trafficserver is vulnerable to improper input validation. The vulnerability exists in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers...
golang: net/http: improper sanitization of Transfer-Encoding header
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...
Apache Traffic Server Input Validation Error Vulnerability (CNVD-2023-03926)
Apache Traffic Server ATS is a set of scalable HTTP proxy and caching servers from the Apache Foundation. Apache Traffic Server versions 8.0.0 through 9.1.2 are vulnerable to an input validation error, which could be exploited by an attacker to send invalid headers...
UBUNTU-CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...
DEBIAN-CVE-2022-28129
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...
PT-2022-18829
Name of the Vulnerable Software and Affected Versions Apache Traffic Server versions 8.0.0 through 9.1.2 Description The issue is related to improper input validation in HTTP/1.1 header parsing, allowing an attacker to send invalid headers. Recommendations For Apache Traffic Server versions 8.0.0...
Apache Traffic Server 输入验证错误漏洞
Apache Traffic Server ATS is a set of scalable HTTP proxy and caching servers from the Apache Foundation. Apache Traffic Server versions 8.0.0 through 9.1.2 are vulnerable to an input validation error, which could be exploited by an attacker to send invalid headers...
golang: net/http: improper sanitization of Transfer-Encoding header
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...
PT-2022-20652 · Solana · Solana Rbpf
Name of the Vulnerable Software and Affected Versions: Solana solana rbpf versions prior to 0.2.29 Description: The issue is related to an addition integer overflow that can occur due to invalid ELF program headers. This can cause a panic in the elf.rs module when a malformed eBPF program is...
GHSA-5CW4-GGX9-36VG Apache Tomcat Denial of Service via Malformed Request Headers
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...
Denial Of Service (DoS)
php5 is vulnerable to denial of service DoS. The vulnerability exists as ColossusCoinXT through 1.0.5 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...