CVSS: 7.5EPSS: 81%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34462 – netty-handler SniHandler 16MB allocation
https://notcve.org/view.php?id=CVE-2023-34462
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. • https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32 https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845 https://security.netapp.com/advisory/ntap-20230803-0001 https://security.netapp.com/advisory/ntap-20240621-0007 https://www.debian.org/security/2023/dsa-5558 https://access.redhat.com/security/cve/CVE-2023-34462 https://bugzilla.redhat.com/show_bug.cgi?id=2216888 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-41881 – codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
https://notcve.org/view.php?id=CVE-2022-41881
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. El proyecto Netty es un framework de aplicación de red asíncrona impulsado por eventos. • https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html https://security.netapp.com/advisory/ntap-20230113-0004 https://www.debian.org/security/2023/dsa-5316 https://access.redhat.com/security/cve/CVE-2022-41881 https://bugzilla.redhat.com/show_bug.cgi?id=2153379 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 2CVE-2022-24823 – Local Information Disclosure Vulnerability in io.netty:netty-codec-http
https://notcve.org/view.php?id=CVE-2022-24823
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. • https://github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1 https://github.com/netty/netty/security/advisories/GHSA-269q-hmxg-m83q https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 https://security.netapp.com/advisory/ntap-20220616-0004 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-24823 https://bugzilla.redhat.com/show_bug.cgi?id=2087186 • CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-43797 – HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling
https://notcve.org/view.php?id=CVE-2021-43797
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. • https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html https://security.netapp.com/advisory/ntap-20220107-0003 https://www.debian.org/security/2023/dsa-5316 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2021-43797 https://bugzilla&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •