9 matches found
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
[slackware-security] openvpn
New openvpn packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openvpn-2.6.16-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Fix memcmp check for the hmac verification in the...
EUVD-2023-55065
Malicious code in bioql PyPI...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247 h2o QUIC state exhaustion DoS
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247
The CVE-2023-50247 issue affects the h2o HTTP server (HTTP/1.x, HTTP/2, HTTP/3) where the QUIC stack (quicly), used in versions up to 2.3.0-beta, can trigger a state-exhaustion DoS when serving HTTP/3. The underlying cause is memory growth in the QUIC stack, which may lead to memory exhaustion an...
CVE-2023-50247 h2o QUIC state exhaustion DoS
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
DNS cache servers resource consumption by TCP SYN_SENT states
Overview DNS cache servers consume huge resources for communication with DNS authoritative servers in the following situation. 1 a user sends a query to the DNS cache server 2 the DNS cache server sends a UDP query to an authoritative server 3 when the authoritative server finds that the reply...