Количество 98
Количество 98
RLSA-2024:3346
Important: git-lfs security update
RLSA-2024:2724
Important: git-lfs security update
ELSA-2024-3346
ELSA-2024-3346: git-lfs security update (IMPORTANT)
ELSA-2024-2724
ELSA-2024-2724: git-lfs security update (IMPORTANT)
ELSA-2024-3259
ELSA-2024-3259: go-toolset:ol8 security update (IMPORTANT)
RLSA-2024:2562
Important: golang security update
ELSA-2024-2562
ELSA-2024-2562: golang security update (IMPORTANT)
ROS-20240422-05
Множественные уязвимости golang
SUSE-SU-2024:3755-1
Security update for go1.21-openssl
SUSE-SU-2024:3089-1
Security update for go1.21-openssl
SUSE-SU-2024:3938-1
Security update for go1.22-openssl
SUSE-SU-2024:3772-1
Security update for go1.22-openssl
SUSE-SU-2024:0936-1
Security update for go1.22
SUSE-SU-2024:0812-1
Security update for go1.22
SUSE-SU-2024:0811-1
Security update for go1.21
SUSE-SU-2024:0800-1
Security update for go1.21
CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CVE-2023-45288
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2024:3346 Important: git-lfs security update | больше 1 года назад | ||
| RLSA-2024:2724 Important: git-lfs security update | больше 1 года назад | ||
| ELSA-2024-3346 ELSA-2024-3346: git-lfs security update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2024-2724 ELSA-2024-2724: git-lfs security update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2024-3259 ELSA-2024-3259: go-toolset:ol8 security update (IMPORTANT) | больше 1 года назад | ||
| RLSA-2024:2562 Important: golang security update | больше 1 года назад | ||
| ELSA-2024-2562 ELSA-2024-2562: golang security update (IMPORTANT) | больше 1 года назад | ||
 | ROS-20240422-05 Множественные уязвимости golang | CVSS3: 7.5 | больше 1 года назад | |
 | SUSE-SU-2024:3755-1 Security update for go1.21-openssl | 12 месяцев назад | ||
| SUSE-SU-2024:3089-1 Security update for go1.21-openssl | около 1 года назад | ||
| SUSE-SU-2024:3938-1 Security update for go1.22-openssl | 12 месяцев назад | ||
| SUSE-SU-2024:3772-1 Security update for go1.22-openssl | 12 месяцев назад | ||
| SUSE-SU-2024:0936-1 Security update for go1.22 | больше 1 года назад | ||
| SUSE-SU-2024:0812-1 Security update for go1.22 | больше 1 года назад | ||
| SUSE-SU-2024:0811-1 Security update for go1.21 | больше 1 года назад | ||
| SUSE-SU-2024:0800-1 Security update for go1.21 | больше 1 года назад | ||
 | CVE-2023-45288 An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. | CVSS3: 7.5 | 67% Средний | больше 1 года назад |
 | CVE-2023-45288 An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. | CVSS3: 7.5 | 67% Средний | больше 1 года назад |
 | CVE-2023-45288 An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. | CVSS3: 7.5 | 67% Средний | больше 1 года назад |
 | CVSS3: 7.5 | 67% Средний | около 1 года назад |
Уязвимостей на страницу