Search CVE reports
11 – 18 of 18 results
Some fixes available 16 of 66
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...
7 affected packages
golang-google-grpc, grpc, h2o, nginx, trafficserver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Vulnerable |
| nginx | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
| twisted | Fixed | Fixed | Fixed | Fixed |
| netty | Not affected | Not affected | Not affected | Fixed |
Some fixes available 16 of 83
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...
16 affected packages
golang-1.10, golang-1.11, golang-1.12, golang, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| nginx | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
| twisted | Fixed | Fixed | Fixed | Fixed |
| h2o | Not affected | Not affected | Not affected | Needs evaluation |
| nodejs | Not affected | Not affected | Not affected | Ignored |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netty | Not affected | Not affected | Not affected | Fixed |
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 16 of 42
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...
13 affected packages
golang-1.9, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| h2o | Not affected | Not affected | Not affected | Needs evaluation |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| nginx | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
| twisted | Fixed | Fixed | Fixed | Fixed |
| netty | Not affected | Not affected | Not affected | Fixed |
Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.
1 affected package
h2o
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| h2o | Not affected | Not affected | Not affected | Vulnerable |
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
1 affected package
h2o
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| h2o | — | — | — | Not affected |
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.
1 affected package
h2o
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| h2o | — | — | — | Not affected |
Not in release
Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.
1 affected package
h2o
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| h2o | — | — | — | — |
Not in release
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.
1 affected package
h2o
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| h2o | — | — | — | — |