CVSS: 7.5EPSS: 83%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-45239
https://notcve.org/view.php?id=CVE-2023-45239
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. Existe una falta de validación de entrada en tac_plus antes del commit 4fdf178 que, cuando los comandos de autenticación previa o posterior están habilitados, permite a un atacante que puede controlar el nombre de usuario, rem-addr o la dirección NAC enviada a tac_plus inyectar comandos de shell y obtener código remoto ejecución en el servidor tac_plus. • https://github.com/facebook/tac_plus/pull/41 https://github.com/facebook/tac_plus/security/advisories/GHSA-p334-5r3g-4vx3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4J7ZYMFZB4G4OU5EDJPQLP6F6RKDGIH • CWE-790: Improper Filtering of Special Elements •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30470
https://notcve.org/view.php?id=CVE-2023-30470
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. • https://github.com/facebook/hermes/commit/da8990f737ebb9d9810633502f65ed462b819c09 https://www.facebook.com/security/advisories/cve-2023-30470 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28753
https://notcve.org/view.php?id=CVE-2023-28753
netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data. • https://github.com/facebook/netconsd/commit/9fc54edf54f7caea1189c2b979337ed37af2c60e https://www.facebook.com/security/advisories/cve-2023-28753 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28081
https://notcve.org/view.php?id=CVE-2023-28081
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. • https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81 https://www.facebook.com/security/advisories/cve-2023-28081 • CWE-416: Use After Free •