Lucene search
+L

57 matches found

OSV
OSV
added 2023/10/25 6:19 a.m.90 views

BIT-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS6.7AI score0.99999EPSS
Exploits20References109Affected Software1
RedHat Linux
RedHat Linux
added 2023/10/24 12:18 p.m.6 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits20References9
OSV
OSV
added 2023/10/23 7:15 a.m.5 views

AZL-43531 CVE-2023-45802 affecting package mod_http2 1.15.14-2

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

5.9CVSS6.8AI score0.03024EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2023/10/23 7:0 a.m.3 views

Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST

...

5.9CVSS7.5AI score0.03024EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2023/10/20 2:51 p.m.5 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits20References9
RedHat Linux
RedHat Linux
added 2023/10/18 10:59 p.m.7 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits20References9
RedHat Linux
RedHat Linux
added 2023/10/18 7:59 a.m.6 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits20References9
SUSE CVE
SUSE CVE
added 2023/10/11 1:47 a.m.6 views

SUSE CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS6.5AI score0.99999EPSS
Exploits20References116
OSV
OSV
added 2023/10/10 2:15 p.m.20 views

AZL-31297 CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.1AI score0.99999EPSS
Exploits20References1
NVD
NVD
added 2023/10/10 2:15 p.m.44 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.9AI score0.99999EPSS
Exploits20References173
OSV
OSV
added 2023/10/10 2:15 p.m.9 views

AZL-34904 CVE-2023-44487 affecting package kubevirt for versions less than 0.59.0-9

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS6.7AI score0.99999EPSS
Exploits20References1
OSV
OSV
added 2023/10/10 12:0 a.m.59 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.1AI score0.99999EPSS
Exploits20References175
OSV
OSV
added 2023/10/10 12:0 a.m.4 views

UBUNTU-CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS6.7AI score0.99999EPSS
Exploits20References32
Prion
Prion
added 2021/08/24 9:15 p.m.21 views

Design/Logic Flaw

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has ON^2 complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are...

5CVSS7.4AI score0.0123EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2020/07/01 6:46 p.m.8 views

envoy: Resource exhaustion via HTTP/2 client requests with large payloads and improper stream windows

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream...

7.5CVSS7.1AI score0.01703EPSS
Exploits0References5
OSV
OSV
added 2019/08/13 9:15 p.m.3 views

ALPINE-CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...

7.5CVSS8.9AI score0.82813EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/01/27 12:0 a.m.22 views

FreeBSD -- SCTP stream reset vulnerability

Problem Description: The input validation of received SCTP RECONFIG chunks is insufficient, and can result in a NULL pointer deference later. Impact: A remote attacker who can send a malformed SCTP packet to a FreeBSD system that serves SCTP can cause a kernel panic, resulting in a Denial of...

7.8CVSS6.4AI score0.02812EPSS
Exploits0
Rows per page
Query Builder