CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1191 – Hyper CdCatalog HCF File denial of service
https://notcve.org/view.php?id=CVE-2024-1191
A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. • https://fitoxs.com/vuldb/19-exploit-perl.txt https://vuldb.com/?ctiid.252681 https://vuldb.com/?id.252681 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-23741
https://notcve.org/view.php?id=CVE-2024-23741
An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. Un problema en Hyper en macOS versión 3.4.1 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de la configuración RunAsNode y enableNodeClilnspectArguments. • https://github.com/giovannipajeu1/CVE-2024-23741 https://github.com/V3x0r/CVE-2024-23741 https://www.electronjs.org/blog/statement-run-as-node-cves •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26964
https://notcve.org/view.php?id=CVE-2023-26964
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS). • https://github.com/hyperium/hyper/issues/2877 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31394
https://notcve.org/view.php?id=CVE-2022-31394
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. • https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19 https://github.com/hyperium/hyper/issues/2826 https://github.com/hyperium/hyper/pull/2828 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39294 – (DoS) Denial of Service from unchecked request length in conduit-hyper
https://notcve.org/view.php?id=CVE-2022-39294
conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request's length before calling [`hyper::body::to_bytes`](https://docs.rs/hyper/latest/hyper/body/fn.to_bytes.html). An attacker could send a malicious request with an abnormally large `Content-Length`, which could lead to a panic if memory allocation failed for that request. In version 0.4.2, `conduit-hyper` sets an internal limit of 128 MiB per request, otherwise returning status 400 ("Bad Request"). This crate is part of the implementation of Rust's [crates.io](https://crates.io/), but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. • https://github.com/conduit-rust/conduit-hyper/security/advisories/GHSA-9398-5ghf-7pr6 • CWE-400: Uncontrolled Resource Consumption CWE-1284: Improper Validation of Specified Quantity in Input •