Lucene search
K

9 matches found

OSV
OSV
added 2026/05/07 10:13 a.m.7 views

CLSA-2026-1778148827 nghttp2: Fix of CVE-2023-35945

CVE-2023-35945: fix memory leak in nghttp2sessionmemsendinternal when onstreamclosecallback returns a fatal error during send-failure handling...

7.5CVSS7.1AI score0.01106EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/10 6:31 p.m.95 views

Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly

Summary At the rate limit filter, if we enabled the response phase limit with applyonstreamdone in the rate limit configuration and the response phase limit request fails directly, it may crash Envoy. Details When both the request phase limit and response phase limit are enabled, the safe gRPC...

7.5CVSS5.8AI score0.00315EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/10 6:31 p.m.1 views

GHSA-C23C-RP3M-VPG3 Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly

Summary At the rate limit filter, if we enabled the response phase limit with applyonstreamdone in the rate limit configuration and the response phase limit request fails directly, it may crash Envoy. Details When both the request phase limit and response phase limit are enabled, the safe gRPC...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References3
OSV
OSV
added 2022/09/09 3:15 p.m.2 views

DEBIAN-CVE-2022-2526

A use-after-free vulnerability was found in systemd. This issue occurs due to the onstreamio function and dnsstreamcomplete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the...

9.8CVSS6.8AI score0.01091EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/09 3:15 p.m.2 views

CVE-2022-2526

A use-after-free vulnerability was found in systemd. This issue occurs due to the onstreamio function and dnsstreamcomplete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the...

9.8CVSS6.8AI score0.01091EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/08/29 5:23 p.m.10 views

systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c

A use-after-free vulnerability was found in systemd. This issue occurs due to the onstreamio function and dnsstreamcomplete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the...

9.8CVSS7.1AI score0.01091EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/08/24 5:54 p.m.9 views

systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c

A use-after-free vulnerability was found in systemd. This issue occurs due to the onstreamio function and dnsstreamcomplete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the...

9.8CVSS7.1AI score0.01091EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/08/24 4:47 p.m.9 views

systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c

A use-after-free vulnerability was found in systemd. This issue occurs due to the onstreamio function and dnsstreamcomplete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the...

9.8CVSS7.1AI score0.01091EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/22 12:0 a.m.5 views

Vulnerabilities of the functions on_stream_io(), dns_stream_complete() in the resolved-dns-stream.c component of the initialization and service management subsystem of the Systemd-based Linux operating systems, allowing a hacker to execute arbitrary code or cause service failures.

The vulnerabilities of the onstreamio and dnsstreamcomplete functions in the resolved-dns-stream.c component of the initialization and service management subsystem of the Systemd-based Linux operating systems are related to the use of memory after it is freed. Exploiting these vulnerabilities cou...

9.6CVSS7.7AI score0.01091EPSS
Exploits0References10Affected Software15
Rows per page
Query Builder