CVE-2021-28165 – jetty: Resource exhaustion when receiving an invalid large TLS frame
https://notcve.org/view.php?id=CVE-2021-28165
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. En Eclipse Jetty versiones 7.2.2 hasta 9.4.38, versiones 10.0.0.alpha0 hasta 10.0.1 y versiones 11.0.0.alpha0 hasta 11.0.1, el uso de CPU puede alcanzar el 100% al recibir una gran trama TLS no válida. When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability. • https://github.com/uthrasri/CVE-2021-28165 http://www.openwall.com/lists/oss-security/2021/04/20/3 https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark • CWE-400: Uncontrolled Resource Consumption CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization CWE-755: Improper Handling of Exceptional Conditions •
CVE-2019-11486
https://notcve.org/view.php?id=CVE-2019-11486
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. El controlador de disciplina de línea Siemens R3964 en drivers/tty/n_r3964.c en el kernel de Linux antes de la versión 5.0.8 tiene múltiples condiciones de carrera. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://www.openwall.com/lists/oss-security/2019/04/29/1 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •