2 matches found
AZL-44487 CVE-2022-41717 affecting package podman for versions less than 5.6.1-2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-36977 CVE-2022-4123 affecting package podman for versions less than 5.6.1-2
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality...