39 matches found
Exploit for Uncontrolled Resource Consumption in Siemens Simatic_S7-1500_Cpu_1518F-4_Pn\/Dp_Mfp_Firmware
CVE-2023-44487 — HTTP/2 Rapid Reset Test Lab Educational envi...
CVE-2026-34062
CVE-2026-34062 affects the Nimiq libp2p integration. Before version 1.3.0, MessageCodec::read_request and read_response call read_to_end() on inbound substreams, allowing a remote peer to send only a partial frame and keep the substream open. Additionally, Behaviour::new sets with_max_concurrent_...
Security Bulletin: IBM Storage Ceph is vulnerable to CWE in Golang (CVE-2023-39325)
Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-39325 Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is...
Denial Of Service (DoS)
Netty is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of malformed HTTP/2 control frames due to a flaw in enforcing the max concurrent streams limit, leading to resource exhaustion and denial of service...
ROS-20250822-12
Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...
CVE-2025-55163
A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
CVE-2025-54500
An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-54500
An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-54500 HTTP/2 Vulnerability
An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
OESA-2025-1183 etcd security update
%expand: Security Fixes: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows th...
OESA-2025-1182 etcd security update
%expand: Security Fixes: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows th...
OESA-2024-1408 cri-o security update
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the...
AZL-31660 CVE-2023-39325 affecting package skopeo for versions less than 1.12.0-4
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-42861 CVE-2023-39325 affecting package multus for versions less than 4.0.2-3
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-34015 CVE-2023-39325 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-34588 CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-33330 CVE-2023-39325 affecting package packer for versions less than 1.8.7-2
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-31692 CVE-2023-39325 affecting package etcd for versions less than 3.5.6-11
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-31857 CVE-2023-39325 affecting package kured for versions less than 1.9.1-14
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-34892 CVE-2023-39325 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...