Exploit for Double Free in Apache Http_Server

CVE-2026-23918 CVE-2026-23918: Apache HTTP/2 Double...

EUVD-2022-2151

Malicious code in bioql PyPI...

EUVD-2023-39929

Malicious code in bioql PyPI...

EUVD-2023-1284

Malicious code in bioql PyPI...

CVE-2025-5115 MadeYouReset HTTP/2 vulnerability

In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...

Exploit for Uncontrolled Resource Consumption in Ietf Http

PoC - CVE-2023-44487: HTTP/2 Rapid Reset Attack Este reposito...

EulerOS 2.0 SP10 : nghttp2 (EulerOS-SA-2023-3189)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...

EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2023-3478)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset

Impact Rapidly creating and cancelling streams HEADERS frame immediately followed by RSTSTREAM without bound cause denial of service. See https://vulners.com/cve/CVE-2023-44487 for details. Patches nghttp2 v1.57.0 mitigates this vulnerability by default. Workarounds If upgrading to nghttp2 v1.57....

Important: nghttp2

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to...

Fedora 37 : clevis-pin-tpm2 / greetd / keyring-ima-signer / libkrun / etc (2023-37ae269843)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-37ae269843 advisory. Recent updates for the tokio, h2, and openssl crates addressed some potential or confirmed security or soundness issues: - tokio: RUSTSEC-2023-0005 - h2:...

CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

Design/Logic Flaw

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

CVE-2019-9514

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

Updated golang-googlecode-net package fixes security vulnerabilities

This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both...

Kubernetes 1.13.x < 1.13.10 / 1.14.x < 1.14.6 / 1.15.x < 1.15.3 DoS

The version of Kubernetes installed on the remote host is a version prior to 1.13.10, or 1.14.x prior to 1.14.6, or 1.15.x prior to 1.15.3. It is, therefore, affected by the following denial of service vulnerabilities : - A denial of service DoS vulnerability exists in HTTP/2 due to some HTTP/2...