57 matches found
vLLM 资源管理错误漏洞
vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. A resource management error vulnerability exists in vLLM versions prior to 0.1.0 through 0.10.1.1, which stems from the fact that sending an HTTP GET request with a very large header cou...
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers
A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...
Allocation of Resources Without Limits or Throttling
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...
Allocation of Resources Without Limits or Throttling
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...
Allocation of Resources Without Limits or Throttling
Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...
DEBIAN-CVE-2021-47240
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtrendpointpost Syzbot reported slab-out-of-bounds Read in qrtrendpointpost. The problem was in wrong size type: if len != ALIGNsize, 4 + hdrlen goto err; If size from qrtrhdr is 4294967293 0xfffffffd,...
PT-2024-2567 · Unknown +2 · Erlang-Jose +2
Name of the Vulnerable Software and Affected Versions: erlang-jose versions through 1.11.6 Description: The issue is related to an uncontrolled resource consumption in the erlang-jose module for JSON object signing and encryption for Erlang and Elixir languages. This can be exploited by a remote...
DEBIAN-CVE-2023-50269
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to...
golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...
golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...
golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...
K55518036: GO vulnerability CVE-2021-31525
Security Advisory Description net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. CVE-2021-31525 Impact There...
SUSE CVE-2021-31525
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...
SUSE CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-33645 CVE-2022-41717 affecting package sriov-network-device-plugin for versions less than 3.6.2-2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-34276 CVE-2022-41717 affecting package nmi for versions less than 1.8.17-1
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-79004 CVE-2022-41717 affecting package golang 1.25.7-1
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
PT-2022-7291
Name of the Vulnerable Software and Affected Versions net/http versions prior to the fixed version Description The issue is related to the net/http package in the Go programming language, which is vulnerable to excessive memory growth due to unbounded resource allocation. An attacker can cause th...
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...
Uncontrolled Recursion
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...