Lucene search
K

87 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.7 views

netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

A flaw was found in Netty, a network application framework. A remote attacker can exploit a vulnerability in the HTTP/2 Hypertext Transfer Protocol version 2 maximum header size handling. By sending a specific SETTINGSMAXHEADERLISTSIZE setting, an attacker can cause Netty to produce an exception...

6.9CVSS5.4AI score0.00302EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/15 8:46 p.m.9 views

Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Summary Netty HTTP/2 max header size handling produces attack similar to HTTP/2 Rapid Reset. Details There is a setting in the http2 specification called SETTINGSMAXHEADERLISTSIZE. According to the RFC: “This advisory setting informs a peer of the maximum field section size that the sender is...

6.9CVSS5.3AI score0.00302EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.12 views

CVE-2026-50560

A flaw was found in Netty, a network application framework. A remote attacker can exploit a vulnerability in the HTTP/2 Hypertext Transfer Protocol version 2 maximum header size handling. By sending a specific SETTINGSMAXHEADERLISTSIZE setting, an attacker can cause Netty to produce an exception...

6.9CVSS5AI score0.00302EPSS
Exploits0References7
OSV
OSV
added 2026/06/12 4:16 p.m.4 views

UBUNTU-CVE-2026-50560

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

6.9CVSS5.3AI score0.00302EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 2:59 p.m.26 views

CVE-2026-50560 Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

6.9CVSS0.00302EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/12 5:4 a.m.11 views

EUVD-2026-36386

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

7.5CVSS5.5AI score0.00279EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 4:41 p.m.8 views

GHSA-W4C6-7R69-W7J9 klever-go: REST API slow-header connection exhaustion via Gin Engine.Run

Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...

7.5CVSS5.6AI score0.0005EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.12 views

PT-2026-48347

Name of the Vulnerable Software and Affected Versions klever-go versions 1.7.14 through 1.7.17 Description The REST API in the seednode and node components is susceptible to a denial of service attack. This occurs because the application uses the Gin framework's Engine.Run function, which relies ...

7.5CVSS5.9AI score0.0005EPSS
Exploits0References5
OSV
OSV
added 2026/04/01 3:14 p.m.5 views

JLSEC-2026-20

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

7.5CVSS5.9AI score0.01085EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/01/14 7:16 p.m.6 views

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

7.5CVSS6.7AI score0.00433EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/01/14 7:7 p.m.4 views

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

7.5CVSS5.9AI score0.00433EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.6 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

7.5CVSS6.8AI score0.01085EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-2950

Name of the Vulnerable Software and Affected Versions Undici versions prior to 7.18.0 Undici versions prior to 6.23.0 Description Undici is an HTTP/1.1 client for Node.js. A malicious server can insert thousands of compression steps due to an unbounded number of links in the decompression chain a...

7.5CVSS6.6AI score0.00433EPSS
Exploits0References77
Snyk
Snyk
added 2025/12/12 6:50 a.m.3 views

Inefficient Algorithmic Complexity

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the HTTPHeaders.add method. An attacker can cause the server's event loop to become...

8.7CVSS6.8AI score0.00396EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-57695

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01016EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/01 4:36 p.m.3 views

jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability

A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGSMAXHEADERLISTSIZE parameter...

7.5CVSS7AI score0.00625EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/07/01 4:31 p.m.8 views

jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability

A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGSMAXHEADERLISTSIZE parameter...

7.5CVSS7AI score0.00625EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/06/25 12:21 a.m.3 views

undertow: AJP Request closes connection exceeding maxRequestSize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS7.1AI score0.01016EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/06/25 12:16 a.m.34 views

undertow: AJP Request closes connection exceeding maxRequestSize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS7.1AI score0.01016EPSS
Exploits0References4
OSV
OSV
added 2025/06/18 10:15 a.m.5 views

DEBIAN-CVE-2025-38053

In the Linux kernel, the following vulnerability has been resolved: idpf: fix null-ptr-deref in idpffeaturescheck idpffeaturescheck is used to validate the TX packet. skb header length is compared with the hardware supported value received from the device control plane. The value is stored in the...

5.5CVSS5.5AI score0.00157EPSS
Exploits0References1
Rows per page
Query Builder