Количество 91
Количество 91
CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CVE-2023-45288
CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of ...
RLSA-2024:3830
Moderate: gvisor-tap-vsock security and bug fix update
GHSA-rr6r-cfgf-gc6h
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
ELSA-2024-3831
ELSA-2024-3831: containernetworking-plugins security and bug fix update (MODERATE)
ELSA-2024-3830
ELSA-2024-3830: gvisor-tap-vsock security and bug fix update (MODERATE)
BDU:2024-02047
Уязвимость пакета golang операционной системы Debian GNU/Linux, позволяющая нарушителю вызвать отказ в обслуживании (DoS)
SUSE-SU-2025:0581-1
Security update for buildah
SUSE-SU-2025:0299-1
Security update for ignition
SUSE-SU-2024:3155-1
Security update for kubernetes1.26
SUSE-SU-2024:2108-1
Security update for containerd
SUSE-SU-2024:1161-1
Security update for go1.21
SUSE-SU-2024:1160-1
Security update for go1.22
SUSE-SU-2024:1122-1
Security update for go1.21
SUSE-SU-2024:1121-1
Security update for go1.22
RLSA-2024:2699
Important: git-lfs security update
GHSA-4v7x-pqxf-cx7m
net/http, x/net/http2: close connections when receiving too many headers
ELSA-2024-2699
ELSA-2024-2699: git-lfs security update (IMPORTANT)
ELSA-2024-1963
ELSA-2024-1963: golang security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-45288 An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. | CVSS3: 7.5 | 65% Средний | около 1 года назад |
 | CVSS3: 7.5 | 65% Средний | 9 месяцев назад | |
| CVE-2023-45288 An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of ... | CVSS3: 7.5 | 65% Средний | около 1 года назад |
 | RLSA-2024:3830 Moderate: gvisor-tap-vsock security and bug fix update | 0% Низкий | около 1 года назад | |
| GHSA-rr6r-cfgf-gc6h When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| ELSA-2024-3831 ELSA-2024-3831: containernetworking-plugins security and bug fix update (MODERATE) | около 1 года назад | ||
| ELSA-2024-3830 ELSA-2024-3830: gvisor-tap-vsock security and bug fix update (MODERATE) | около 1 года назад | ||
 | BDU:2024-02047 Уязвимость пакета golang операционной системы Debian GNU/Linux, позволяющая нарушителю вызвать отказ в обслуживании (DoS) | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | SUSE-SU-2025:0581-1 Security update for buildah | 65% Средний | 4 месяца назад | |
| SUSE-SU-2025:0299-1 Security update for ignition | 65% Средний | 5 месяцев назад | |
| SUSE-SU-2024:3155-1 Security update for kubernetes1.26 | 65% Средний | 10 месяцев назад | |
| SUSE-SU-2024:2108-1 Security update for containerd | 65% Средний | 12 месяцев назад | |
| SUSE-SU-2024:1161-1 Security update for go1.21 | 65% Средний | около 1 года назад | |
| SUSE-SU-2024:1160-1 Security update for go1.22 | 65% Средний | около 1 года назад | |
| SUSE-SU-2024:1122-1 Security update for go1.21 | 65% Средний | около 1 года назад | |
| SUSE-SU-2024:1121-1 Security update for go1.22 | 65% Средний | около 1 года назад | |
| RLSA-2024:2699 Important: git-lfs security update | 65% Средний | около 1 года назад | |
| GHSA-4v7x-pqxf-cx7m net/http, x/net/http2: close connections when receiving too many headers | CVSS3: 5.3 | 65% Средний | около 1 года назад |
| ELSA-2024-2699 ELSA-2024-2699: git-lfs security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-1963 ELSA-2024-1963: golang security update (IMPORTANT) | около 1 года назад |
Уязвимостей на страницу