Lucene search
+L

70 matches found

nessus
nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES16 Security Update : ignition (SUSE-SU-2026:22181-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:22181-1 advisory. This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given b...

7.5CVSS6.8AI score0.00781EPSS
Exploits0References4
ibm
ibm
added 2026/06/18 6:29 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an out-of-memory condition in spdystream Go [CVE-2026-35469]

Summary IBM Watson Speech Services Cartridge is vulnerable to an out-of-memory condition in spdystream Go, caused by a flaw in SPDY/3 frame parser that does not validate attacker-controlled counts and lengths before allocating memory CVE-2026-35469. Spdystream Go is used in our speech utilities...

8.7CVSS5.2AI score0.00656EPSS
Exploits0Affected Software1
osv
osv
added 2026/06/11 2:3 p.m.9 views

SUSE-SU-2026:2372-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. Changes for google-cloud-sap-agent: - Update to version 3.14 bsc1265991...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References4
osv
osv
added 2026/06/10 1:22 p.m.8 views

SUSE-SU-2026:2348-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. Changes for google-cloud-sap-agent: - Update to version 3.14 bsc1265991...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References4
suse
suse
added 2026/06/10 1:14 p.m.7 views

Security update for kubernetes1.27

This update for kubernetes1.27 fixes the following issues CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265740. CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References10
redhatcve
redhatcve
added 2026/06/05 7:46 p.m.10 views

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References1
osv
osv
added 2026/06/05 12:11 p.m.4 views

SUSE-SU-2026:2280-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...

7.5CVSS5.5AI score0.00781EPSS
Exploits0References3
redhat
redhat
added 2026/06/04 12:39 p.m.3 views

net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

A flaw was found in the HTTP/2 protocol implementation within the Go standard library golang.org/x/net and net/http/internal/http2. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGSMAXFRAMESIZE parameter set to zero. This...

7.5CVSS6.1AI score0.00781EPSS
Exploits0References9
suse
suse
added 2026/06/01 7:8 a.m.16 views

Security update for ignition

This update for ignition fixes the following issue CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References4
osv
osv
added 2026/06/01 7:8 a.m.6 views

SUSE-SU-2026:2192-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References3
amazon
amazon
added 2026/05/26 12:0 a.m.24 views

Important: containerd

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.4AI score0.00813EPSS
Exploits0
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in nghttp2

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload caused a denial of service. The proof-of-concept attack involved a malicious client repeatedly constructing SETTINGS frames with a size of 14,400 bytes 2400 individual setting entries. This attack caused the CPU usag...

7.5CVSS6.7AI score0.05316EPSS
Exploits0References2
osv
osv
added 2026/05/11 5:44 a.m.14 views

BIT-GOLANG-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References17
osv
osv
added 2026/05/07 8:16 p.m.6 views

DEBIAN-CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References1
cve
cve
added 2026/05/07 7:41 p.m.103 views

CVE-2026-33814

CVE-2026-33814 describes an infinite loop in HTTP/2 transport when a SETTINGS_MAX_FRAME_SIZE value of 0 is processed in net/http/internal/http2 (golang.org/x/net). Affected component is the HTTP/2 transport; root cause is improper handling of SETTINGS frames causing repeated CONTINUATION frames, ...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References16Affected Software2
osv
osv
added 2026/05/07 7:21 p.m.44 views

GO-2026-4918 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References4
susecve
susecve
added 2026/04/17 11:25 p.m.6 views

SUSE CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

6.5CVSS5.7AI score0.00656EPSS
Exploits0References15
nvd
nvd
added 2026/04/16 10:16 p.m.6 views

CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

8.7CVSS0.00656EPSS
Exploits0References67
cvelist
cvelist
added 2026/04/16 9:19 p.m.36 views

CVE-2026-35469 SpdyStream: DOS on CRI

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

8.7CVSS0.00656EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/16 9:19 p.m.3 views

CVE-2026-35469 SpdyStream: DOS on CRI

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

8.7CVSS5.7AI score0.00656EPSS
Exploits0References2
Rows per page
Query Builder