ROS-20230414-04

The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...

GHSA-F8VR-R385-RH5R h2 vulnerable to denial of service

Hyper is an HTTP library for Rust and h2 is an HTTP 2.0 client & server implementation for Rust. An issue was discovered in h2 v0.2.4 when processing header frames. It incorrectly processes the HTTP2 RSTSTREAM frames by not always releasing the memory immediately upon receiving the reset frame,...

AZL-35217 CVE-2023-26964 affecting package rpm-ostree for versions less than 2024.4-1

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

AZL-26730 CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-1

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

DEBIAN-CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

Design/Logic Flaw

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

UBUNTU-CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

CVE-2023-26964

CVE-2023-26964 affects hyper v0.13.7 and h2-0.2.4, where HTTP/2 RST_STREAM frames can cause stream stacking, leading to elevated memory/CPU and DoS. Connected advisories show vulnerable packages and upgraded fixes: kata-containers rpm-ostree (kata-containers < 3.2.0.azl0-2), rpm-ostree

hyper 安全漏洞

hyperium hyper is an open source HTTP library for Rust. It is intended to be a building block for libraries and applications. A security vulnerability exists in hyper version v0.13.7, which stems from high memory and CPU usage and could lead to a denial of service DoS...

PT-2023-3149 · Hyper +2 · Hyper +2

Name of the Vulnerable Software and Affected Versions: hyper version 0.13.7 h2 version 0.2.4 Description: An issue in the H2 component of hyper occurs when processing HTTP2 RST STREAM frames, leading to stream stacking and high memory and CPU usage, which can result in a Denial of Service DoS. Th...

CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

DEBIAN-CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

SUSE CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVE-2023-0382

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption...

Google Golang 资源管理错误漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-45693, CVE-2022-45685)

Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-45693, CVE-2022-45685 Vulnerability Details CVEID:CVE-2022-45693 DESCRIPTION: Jettison is...

OPENSUSE-SU-2023:0077-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2023-24580: Prevent DOS in file uploads. boo1208082 update to 1.11.15 CVE-2018-14574: Fixed Open redirect possibility in CommonMiddleware boo1102680 Fixed WKBWriter.write and writehex for empty polygons on GEOS 3.6.1+ Fixed a...

[SECURITY] Fedora 36 Update: libmemcached-awesome-1.1.4-1.fc36

libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.o rg...