Описание
Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue affects neqo: from 0.4.24 through 0.13.2.
A packet size handling flaw has been discovered in neqo-transport. If a server is prompted to send a packet larger than the maximum variant allowed, it will attempt to do so and panic, resulting in a program crash.
Отчет
The impact for this vulnerability in neqo-transport is rated as a low for Red Hat products as the denial of service is limited to the process using neqo-transport and not to the broader system.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | firefox | Fix deferred | ||
| Red Hat Enterprise Linux 10 | gjs | Fix deferred | ||
| Red Hat Enterprise Linux 10 | thunderbird | Fix deferred | ||
| Red Hat Enterprise Linux 7 | firefox | Fix deferred | ||
| Red Hat Enterprise Linux 8 | firefox | Fix deferred | ||
| Red Hat Enterprise Linux 8 | thunderbird | Fix deferred | ||
| Red Hat Enterprise Linux 9 | firefox | Fix deferred | ||
| Red Hat Enterprise Linux 9 | gjs | Fix deferred | ||
| Red Hat Enterprise Linux 9 | polkit | Fix deferred | ||
| Red Hat Enterprise Linux 9 | thunderbird | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
3.5 Low
CVSS3
Связанные уязвимости
Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue affects neqo: from 0.4.24 through 0.13.2.
EPSS
3.5 Low
CVSS3