Count: 31
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| RLSA-2023:6938 Moderate: container-tools:4.0 security and bug fix update | | | 2 months ago |
| ELSA-2023-6938 ELSA-2023-6938: container-tools:4.0 security and bug fix update (MODERATE) | | | about 2 years ago |
| RLSA-2023:6939 Moderate: container-tools:rhel8 security and bug fix update | | | 2 months ago |
| ELSA-2023-6939 ELSA-2023-6939: container-tools:ol8 security and bug fix update (MODERATE) | | | about 2 years ago |
| ROS-20240418-06 Multiple vulnerabilities in buildah | CVSS3: 9.8 | | almost 2 years ago |
| SUSE-SU-2023:2312-1 Security update for go1.18-openssl | | | more than 2 years ago |
| GHSA-w4h2-22wh-m6jx A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files... | CVSS3: 7.5 | 0% Low | almost 3 years ago |
| BDU:2023-01943 Vulnerability in the net/http and mime/multipart libraries of the GoLang development toolkit, used in the "Аврора Центр" application software, allowing an attacker to carry out a denial-of-service attack | CVSS3: 7.3 | 0% Low | almost 3 years ago |
| GHSA-89mw-w342-mqrr Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). | CVSS3: 7.5 | 0% Low | almost 3 years ago |
| BDU:2024-03152 Vulnerability in the crypto/tls package of the Golang programming language, allowing an attacker to cause a denial of service | CVSS3: 7.5 | 0% Low | almost 3 years ago |
| ELSA-2023-6380 ELSA-2023-6380: runc security update (MODERATE) | | | about 2 years ago |