what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

CVE-2020-11080

Status Candidate

Overview

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

Related Files

Ubuntu Security Notice USN-6142-1
Posted Jun 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6142-1 - Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-11080
SHA-256 | 8db0cfa1ab9c208a5c6578a0215c4766c126c7705ad9c0c431e5eb80778831e7
Red Hat Security Advisory 2020-3578-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3578-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-14040, CVE-2020-7015, CVE-2020-7598, CVE-2020-8174
SHA-256 | 76031ee5b291a4db7234b7111c7dc3217a89ce4c9123293670c14dbd76b08150
Red Hat Security Advisory 2020-3525-01
Posted Aug 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3525-01 - Quay 3.3.1 release has been released. An issue where build triggers can disclose robot account names and existence of private repos within namespaces has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-12049, CVE-2020-13777, CVE-2020-14313
SHA-256 | 3f0048d4bdec59a51f24f090fac9217f3567fd502a0907966e5df07b310946ee
Red Hat Security Advisory 2020-3372-01
Posted Aug 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3372-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-14040, CVE-2020-9283
SHA-256 | 15f8218926e31fddac4d72a068f13ab48a873143fcc6b353105a0e0f83f64a23
Red Hat Security Advisory 2020-3084-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3084-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
SHA-256 | 7a4caa69e6c2b55ec9e17b1435e419c0e4f4298a4da2e39e480c2298868fd2f7
Red Hat Security Advisory 2020-3042-01
Posted Jul 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3042-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
SHA-256 | e7765e130071fe1aed44a6aa897f5dc59df0c6c8f4136fb6ca90fc3edb17713a
Red Hat Security Advisory 2020-2895-01
Posted Jul 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2895-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass, denial of service, and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174
SHA-256 | 680e779c9e3835286a8719240773d16d587c92d31d1a764199074cfa834ac3be
Red Hat Security Advisory 2020-2852-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2852-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174
SHA-256 | 1e24609706569805264896389d47a50da4b931bded85681c1a9784b359ee9210
Red Hat Security Advisory 2020-2848-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2848-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
SHA-256 | 01d7c988d318715dd14781e26eec5cc619ac01728927cd50142b32f5c9df60c2
Red Hat Security Advisory 2020-2849-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
SHA-256 | dc60f758491980ac3a11561215a4caff0c35e2289f85ed044b975b26538c56e1
Red Hat Security Advisory 2020-2847-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2847-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174
SHA-256 | e5f4967b448d97773a801b2e8a80c6460ccfb6a255a99ae1e1723bed68884dab
Red Hat Security Advisory 2020-2850-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2850-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
SHA-256 | 116201c31d0e45a4806e06ae99432f7de0d7d319057ab8a9e0d2a7c6a6372148
Red Hat Security Advisory 2020-2823-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2823-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
SHA-256 | e7842fbbcf3bae47b075a53a2a176c7fd73322cb94b6f298a861b649a712e938
Red Hat Security Advisory 2020-2784-01
Posted Jul 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2784-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
SHA-256 | 94bf8e913e098f956f7b8158d51276e0542af032d25d8ecfaf3f6157e54cf2b4
Debian Security Advisory 4696-1
Posted Jun 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4696-1 - Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2020-11080, CVE-2020-8174
SHA-256 | d8516cb50b72042afd3677ce970bc7873ca8cf7463bb3f2d29ebe7a93cbe32c0
Red Hat Security Advisory 2020-2755-01
Posted Jun 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2755-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
SHA-256 | d11adf3d805faf3dbef817e9ef58c4c6f4cd13bf9ad3634b2d52a78080852383
Red Hat Security Advisory 2020-2646-01
Posted Jun 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2646-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.

tags | advisory, web, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-0196, CVE-2019-0197, CVE-2019-15903, CVE-2019-19956, CVE-2019-20388, CVE-2020-11080, CVE-2020-1934, CVE-2020-7595
SHA-256 | d1788a8e61cb334acd50091690da62efff82c9e0d9528c9f46c5226408959805
Red Hat Security Advisory 2020-2644-01
Posted Jun 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2644-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.

tags | advisory, web, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-0196, CVE-2019-0197, CVE-2019-15903, CVE-2019-19956, CVE-2019-20388, CVE-2020-11080, CVE-2020-1934, CVE-2020-7595
SHA-256 | 3c5cb032e0a7a155597c19347749b668adb80897922efd1951e936de20b50b4f
Red Hat Security Advisory 2020-2524-01
Posted Jun 11, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2524-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-11080
SHA-256 | fbfa3ba2771ca3d2c3032055cbc5daf2cd75681af6e4354f70742b1030e2f63e
Red Hat Security Advisory 2020-2523-01
Posted Jun 11, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2523-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-11080
SHA-256 | 5859bd4dc9842ce8ad71eb33e4bacf18fed875d7b192627c580c22fb4c19d266
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close