9 matches found
PT-2026-47611
For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...
JLSEC-2026-4 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
OESA-2024-1389 nghttp2 security update
The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2 is an implementation of the Hypertext Transfer Protocol versi...
UPDATE: Ostinato 0.9!
PenTestIT RSS Feed This tool came to my rescue yet again today! If you remember, I had blogged about this tool in my older post titled - Ostinato: The Network Traffic Generator and Analyzer! As always, before using any tool I tried to update it and there it was - Ostinato 0.9. This update was...