exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 125 RSS Feed

CVE-2023-39325

Status Candidate

Overview

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

Related Files

Ubuntu Security Notice USN-7109-1
Posted Nov 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24531, CVE-2023-24536, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39323, CVE-2023-39325, CVE-2023-45288, CVE-2023-45290
SHA-256 | 58c0bd17f1c8113660d80deb0928ae6b2fe30fb7373a788126eaeb55879ba80a
Ubuntu Security Notice USN-7061-1
Posted Oct 10, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2023-24531, CVE-2023-24538, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39319, CVE-2023-39325, CVE-2024-24785
SHA-256 | 366aa6bc269ca28c4b992ad13527bd77d7968a9ad5dcd84915ed51954acbe4c1
Red Hat Security Advisory 2024-4118-03
Posted Jun 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4118-03 - An update is now available for Red Hat Ceph Storage 5.3. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | a969ee2cce4f0aadc7c69ca3016f7ccfd1e24e38056af106a4ea061a1a379369
Red Hat Security Advisory 2024-3927-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3927-03 - A new container image for Red Hat Ceph Storage 7.1 is now available in the Red Hat Ecosystem Catalog.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 2a34112f7e1e0cd7312b6bcfdaede6f66f1ddaa933d2c4670c126974da2d0af9
Red Hat Security Advisory 2024-1765-03
Posted Apr 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1765-03 - Red Hat OpenShift Container Platform release 4.14.21 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 05481f7c3649a9e35aede703a8538b33720ac9d22340adc40f7958520c4d04de
Red Hat Security Advisory 2024-1770-03
Posted Apr 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1770-03 - Red Hat OpenShift Container Platform release 4.15.9 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | daee32868e7ca70e2bde712186648be799e997daa39555af43a1ec11879bd6d9
Red Hat Security Advisory 2024-1572-03
Posted Apr 3, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1572-03 - Red Hat OpenShift Container Platform release 4.12.54 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 60434a47d41fd723b913ce39f134663ea9ecbd84f54bda9de217da51e443283a
Red Hat Security Advisory 2024-1464-03
Posted Mar 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1464-03 - Red Hat OpenShift Container Platform release 4.11.59 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | d923fa30065852ae0a83cda8a9dbf574449cb506ee1506cc7c34af2265d9920e
Red Hat Security Advisory 2024-1449-03
Posted Mar 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1449-03 - Red Hat OpenShift Container Platform release 4.15.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 411f8be9e2cd7e31467ea75a03c86dbda9b5cc6baf18efa8cff43e0323028924
Red Hat Security Advisory 2024-1458-03
Posted Mar 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1458-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 7a0151c80a85d152c9d9040e75203632a9286f02cafca6a401b093e08121249d
Red Hat Security Advisory 2024-1454-03
Posted Mar 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1454-03 - Red Hat OpenShift Container Platform release 4.13.38 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 71bace167afcc96939c35c388f9fa93c27cfc6960e677ca356311fa3f9c29d5a
Red Hat Security Advisory 2024-1037-03
Posted Mar 7, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1037-03 - Red Hat OpenShift Container Platform release 4.13.36 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 5d7d154d2cc0073a8f42e62a4daf7a9e98a3ad019079deca2a3102a76f5e1909
Red Hat Security Advisory 2024-1052-03
Posted Mar 6, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1052-03 - Red Hat OpenShift Container Platform release 4.12.51 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | e494948c55a00247768991156a543f65750a55ba774040322b7f3ccb3b1ec888
Red Hat Security Advisory 2024-0302-03
Posted Mar 6, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0302-03 - Kube Descheduler Operator for Red Hat OpenShift 5.0.0 for RHEL 9.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 5f5277605c823a06cf73ee9ab7a0cc4a127ba95f405d564711f66dcbda0a65f7
Red Hat Security Advisory 2024-0946-03
Posted Feb 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0946-03 - Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | c7918df94e4b2c86cb33e139d456d7f54e9a8741020efcb19d0005d06d6d1877
Red Hat Security Advisory 2024-0941-03
Posted Feb 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0941-03 - Red Hat OpenShift Container Platform release 4.14.14 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 88515d8dc20b43876aa27fd2b6ea898a9382283551f5b1568a1b7fb39619d92a
Red Hat Security Advisory 2024-0766-03
Posted Feb 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0766-03 - Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 0b26eca9dcc849bc191d462ba5264489f4737c4f0172c2b4f44c30fafc4a93f8
Red Hat Security Advisory 2024-0269-03
Posted Feb 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0269-03 - An update for run-once-duration-override-container, run-once-duration-override-operator-bundle-container, and run-once-duration-override-operator-container is now available for RODOO-1.1-RHEL-9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 46625cb3eb40e90ad293ce294aea948362a70da1520a790c756bf54de3a4e920
Red Hat Security Advisory 2024-0833-03
Posted Feb 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0833-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 86eab7c365c054b85dd2d9596b3c028609cb6ee42eb6378d148f65f4389833fd
Red Hat Security Advisory 2024-0837-03
Posted Feb 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | d1bdf47cb8160404fe1823442680fae112d3f1c54d5ff3b387c3907fd6f7cc8d
Red Hat Security Advisory 2024-0664-03
Posted Feb 9, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0664-03 - Red Hat OpenShift Container Platform release 4.12.49 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 1da07cdb9aa4a53f1187e7f3fcb279754ceec250b05709a09b3e42f4c25e3ff5
Red Hat Security Advisory 2024-0660-03
Posted Feb 8, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0660-03 - Red Hat OpenShift Container Platform release 4.13.32 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | d1deb804d0bf3831445ba66f8c6e6712dacebbb5bbdee193372f7a42944ed6fb
Red Hat Security Advisory 2024-0642-03
Posted Feb 8, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0642-03 - An update is now available for Red Hat OpenShift Container Platform 4.14. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 067c672d45f32da5faea03fc51d1c52b2b5db641ef22c66e5fb097dc8344f747
Red Hat Security Advisory 2024-0484-03
Posted Feb 2, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0484-03 - Red Hat OpenShift Container Platform release 4.13.31 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | ed0abdf5084bca41a7e826e8b9844a8e96dedf41534bff01ec99c36841743575
Red Hat Security Advisory 2024-0306-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0306-03 - Red Hat OpenShift Container Platform release 4.11.57 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 09837e1c2e8758cb9ff8c02560439bf394ca34852ae1d83b053f97dd7d591351
Page 1 of 5
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close