CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2022-0618
https://notcve.org/view.php?id=CVE-2022-0618
09 Mar 2022 — A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE ... • https://github.com/apple/swift-nio-http2/security/advisories/GHSA-q36x-r5x4-h4q6 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24668
https://notcve.org/view.php?id=CVE-2022-24668
09 Feb 2022 — A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. • https://github.com/apple/swift-nio-http2/security/advisories/GHSA-pgfx-g6rc-8cjv • CWE-241: Improper Handling of Unexpected Data Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24667
https://notcve.org/view.php?id=CVE-2022-24667
09 Feb 2022 — A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK head... • https://github.com/apple/swift-nio-http2/security/advisories/GHSA-w3f6-pc54-gfw7 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2022-24666
https://notcve.org/view.php?id=CVE-2022-24666
09 Feb 2022 — A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS frame where the frame contains priority information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire ... • https://github.com/apple/swift-nio-http2/security/advisories/GHSA-ccw9-q5h2-8c2w • CWE-130: Improper Handling of Length Parameter Inconsistency •