4 matches found
Custom application fails to launch when the command line exceeds 203 characters
Custom application fails to launch when the command line exceeds 203 characters. Application appears to launch and then disappears...
Medium: golang
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
systemd: line splitting via fgets() allows for state injection during daemon-reexec
It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINEMAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state...
Greenhouse.io: Bypass of request line length limit to DoS via cache poisoning
Summary This is a bypass of the fix that was introduced in response to report 334709. The bug in question was that it was possible to poison the cache of the generated JS file at https://boards.greenhouse.io/embed/jobboard/js?for=surveymonkey, by appending a URL-encoded NULL byte %00, followed by...