26 matches found
Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid
This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-random, terraform-provider-susepubliccloud, terraform-provider-tls fixes the following issue...
ROS-20260710-73-0009
The vulnerability in the HTTP/2 implementation using the Go programming language arises from executing a loop with an unreachable exit condition when processing the value of SETTINGSMAXFRAMESIZE, which is equal to 0. Exploiting this vulnerability could allow a remote attacker to cause a service...
Security update for ignition (important)
openSUSE security update: security update for ignition ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21108-1 Rating: important References: bsc1265751 Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5...
The vulnerability of the Go language-based HTTP/2 protocol implementation allows a attacker to cause a service failure.
The vulnerability in the HTTP/2 implementation using the Go programming language arises from executing a loop with an unreachable exit condition when processing the value of SETTINGSMAXFRAMESIZE, which is equal to 0. Exploiting this vulnerability could allow a remote attacker to cause a service...
SUSE-SU-2026:2460-1 Security update for kubernetes-old
This update for kubernetes-old fixes the following issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265747. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of servic...
SUSE-SU-2026:2325-1 Security update for kubernetes1.26
This update for kubernetes1.26 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265740. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service...
Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1813)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1813 advisory. When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0. CVE-2026-33814 Tenable has extracte...
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame
A flaw was found in the HTTP/2 protocol implementation within the Go standard library golang.org/x/net and net/http/internal/http2. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGSMAXFRAMESIZE parameter set to zero. This...
SUSE-SU-2026:21991-1 Security update for ignition
This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...
BIT-GOLANG-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
EUVD-2026-26715
Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion...
PT-2026-36544
Name of the Vulnerable Software and Affected Versions bandit versions 0.3.6 through 1.10.x Description An issue in the deserialize/2 function within Elixir.Bandit.HTTP2.Frame allows unauthenticated memory exhaustion through oversized HTTP/2 frames. The system checks the SETTINGS MAX FRAME SIZE...
CVE-2022-49654
In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAXFRAMESIZE of the switch. In fact if the MAXFRAMESIZE is changed while the cpu...
DEBIAN-CVE-2022-49654
In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAXFRAMESIZE of the switch. In fact if the MAXFRAMESIZE is changed while the cpu...
UBUNTU-CVE-2022-49654
In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAXFRAMESIZE of the switch. In fact if the MAXFRAMESIZE is changed while the cpu...
CVE-2022-49654 net: dsa: qca8k: reset cpu port on MTU change
In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAXFRAMESIZE of the switch. In fact if the MAXFRAMESIZE is changed while the cpu...
CVE-2022-49654
CVE-2022-49654 pertains to the Linux kernel, specifically the net: dsa: qca8k component. The issue occurs when MAX_FRAME_SIZE (MTU) is changed while the CPU port is enabled, causing the switch to panic and stop sending packets, which can render the device unreachable; a switch reset may be requir...