Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2024/08/30 12:0 a.m.22 views

CBL Mariner 2.0 Security Update: coredns (CVE-2023-49295)

The version of coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49295 advisory. - quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause...

6.5CVSS6.4AI score0.01194EPSS
Exploits0References2
OSV
OSV
added 2024/04/05 4:53 p.m.24 views

GO-2024-2682 Denial of service via connection starvation in github.com/quic-go/quic-go

An attacker can cause its peer to run out of memory by sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRECONNECTIONID frame. The attacker can prevent the receiver from sending out the vast...

7.5CVSS7.4AI score0.011EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/04/04 3:15 p.m.25 views

CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

7.5CVSS7.1AI score0.011EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/04/04 2:25 p.m.15 views

CVE-2024-22189 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

7.5CVSS7.5AI score0.011EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/02/21 12:0 a.m.25 views

Fedora 38 : syncthing (2024-b93312a597)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b93312a597 advisory. Update to version 1.27.3. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3 This update also addresses CVE-2023-49295 in quic-go:...

6.5CVSS6.5AI score0.01194EPSS
Exploits0References2
Prion
Prion
added 2024/01/10 10:15 p.m.31 views

Design/Logic Flaw

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

4CVSS6.8AI score0.01194EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/10 3:8 p.m.20 views

quic-go's path validation mechanism can be exploited to cause denial of service

An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can prevent the receiver from sending out the vast majority of these PATHRESPONSE frames by...

6.5CVSS7AI score0.01194EPSS
Exploits0References14Affected Software1
Rows per page
Query Builder