EUVD-2024-0394

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-49295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number...

Azure Linux 3.0 Security Update: coredns (CVE-2023-49295)

The version of coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49295 advisory. - quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause...

Fedora 38 : syncthing (2024-b93312a597)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b93312a597 advisory. Update to version 1.27.3. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3 This update also addresses CVE-2023-49295 in quic-go:...

CVE-2023-49295

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

CVE-2023-49295

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...