4 matches found
AZL-39232 CVE-2023-45288 affecting package kata-containers for versions less than 3.2.0.azl2-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38569 CVE-2023-45288 affecting package docker-compose for versions less than 2.27.0-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...
golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...