Page 15 of 2305 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. • https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4 https: • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 8

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. Esta falla hace que curl desborde un búfer basado en el protocolo de enlace del proxy SOCKS5. Cuando se le pide a curl que pase el nombre de host al proxy SOCKS5 para permitir que resuelva la dirección en lugar de que lo haga curl mismo, la longitud máxima que puede tener el nombre de host es 255 bytes. Si se detecta que el nombre de host es más largo, curl cambia a la resolución de nombres local y en su lugar pasa solo la dirección resuelta. • https://github.com/d0rb/CVE-2023-38545 https://github.com/vanigori/CVE-2023-38545-sample https://github.com/UTsweetyfish/CVE-2023-38545 https://github.com/fatmo666/CVE-2023-38545-libcurl-SOCKS5-heap-buffer-overflow https://github.com/imfht/CVE-2023-38545 https://github.com/bcdannyboy/CVE-2023-38545 https://github.com/dbrugman/CVE-2023-38545-POC https://github.com/Yang-Shun-Yu/CVE-2023-38545 http://seclists.org/fulldisclosure/2024/Jan/34 http://seclists.org/fulldisclosure • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 83%CPEs: 444EXPL: 7

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. LibTIFF es vulnerable a un desbordamiento de enteros. Esta falla permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar un código arbitrario a través de una imagen tiff manipulada, lo que desencadena un desbordamiento del búfer. • https://access.redhat.com/errata/RHSA-2024:2289 https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://security.netapp.com/advisory/ntap-20231110-0005 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 3

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. El problema se solucionó con controles mejorados. • https://github.com/po6ix/POC-for-CVE-2023-41993 https://github.com/J3Ss0u/CVE-2023-41993 https://github.com/0x06060606/CVE-2023-41993 https://security.gentoo.org/glsa/202401-33 https://security.netapp.com/advisory/ntap-20240426-0004 https://support.apple.com/en-us/HT213940 https://access.redhat.com/security/cve/CVE-2023-41993 https://bugzilla.redhat.com/show_bug.cgi?id=2240522 • CWE-754: Improper Check for Unusual or Exceptional Conditions •