CWE-440
AllowedExpected Behavior Violation
Abstraction: Base · Status: Draft
A feature, API, or function does not perform according to its specification.
79 vulnerabilities reference this CWE, most recent first.
GHSA-7G9J-G5JG-3VV3
Vulnerability from github – Published: 2024-01-24 20:53 – Updated: 2025-07-28 15:56Impact
There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it causes the sending and receiving side to be expecting different nonce values than would arrive.
Note that this only affects those who are using the stateful TransportState, not those using StatelessTransportState.
Patches
This has been patched in version 0.9.5, and all users are recommended to update.
References
There will be a more formal report of this in the near future.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "snow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-58265"
],
"database_specific": {
"cwe_ids": [
"CWE-440"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-24T20:53:48Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Impact\nThere was a logic bug where unauthenticated payloads could still cause a nonce increment in snow\u0027s internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it causes the sending and receiving side to be expecting different nonce values than would arrive.\n\nNote that this only affects those who are using the stateful `TransportState`, not those using `StatelessTransportState`.\n\n### Patches\nThis has been patched in version 0.9.5, and all users are recommended to update.\n\n### References\nThere will be a more formal report of this in the near future.",
"id": "GHSA-7g9j-g5jg-3vv3",
"modified": "2025-07-28T15:56:29Z",
"published": "2024-01-24T20:53:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58265"
},
{
"type": "WEB",
"url": "https://github.com/mcginty/snow/commit/12e8ae55547ae297d5f70599e5c884ea891303eb"
},
{
"type": "PACKAGE",
"url": "https://github.com/mcginty/snow"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0011.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Unauthenticated Nonce Increment in snow"
}
GHSA-8MRM-R7H3-C3HJ
Vulnerability from github – Published: 2024-07-20 06:30 – Updated: 2024-09-13 19:34A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "lollms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-6281"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-440"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-13T19:34:25Z",
"nvd_published_at": "2024-07-20T04:15:05Z",
"severity": "HIGH"
},
"details": "A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.",
"id": "GHSA-8mrm-r7h3-c3hj",
"modified": "2024-09-13T19:34:25Z",
"published": "2024-07-20T06:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6281"
},
{
"type": "WEB",
"url": "https://github.com/parisneo/lollms/commit/26a3ff35acf152b49e1087d5698ad4864c7b6092"
},
{
"type": "PACKAGE",
"url": "https://github.com/parisneo/lollms"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/0a62f2fb-4e62-4128-9dc4-e8f1d959ac61"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "LoLLMS vulnerable to Expected Behavior Violation"
}
GHSA-8VPF-2WHM-FFFJ
Vulnerability from github – Published: 2026-06-19 03:31 – Updated: 2026-06-19 03:31Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.
{
"affected": [],
"aliases": [
"CVE-2026-8806"
],
"database_specific": {
"cwe_ids": [
"CWE-440"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-19T03:16:15Z",
"severity": "HIGH"
},
"details": "Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.",
"id": "GHSA-8vpf-2whm-fffj",
"modified": "2026-06-19T03:31:27Z",
"published": "2026-06-19T03:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8806"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU97140216"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-06"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-003_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9HG2-395J-83RM
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2024-04-18 17:11In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.0.M18"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.0.M19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.5.12"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.0.M18"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.0.M19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.5.12"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-5651"
],
"database_specific": {
"cwe_ids": [
"CWE-440"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-01T13:44:41Z",
"nvd_published_at": "2017-04-17T16:59:00Z",
"severity": "CRITICAL"
},
"details": "In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.",
"id": "GHSA-9hg2-395j-83rm",
"modified": "2024-04-18T17:11:18Z",
"published": "2022-05-13T01:46:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5651"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180614-0001"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F\u0026type=code"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=60918"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Expected Behavior Violation in Apache Tomcat"
}
GHSA-9HXF-PPJV-W6RQ
Vulnerability from github – Published: 2023-07-06 21:15 – Updated: 2025-08-13 15:00gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.grpc:grpc-protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "1.53.0"
},
{
"fixed": "1.53.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "grpcio"
},
"ranges": [
{
"events": [
{
"introduced": "1.53.0"
},
{
"fixed": "1.53.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "grpc"
},
"ranges": [
{
"events": [
{
"introduced": "1.53.0"
},
{
"fixed": "1.53.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.grpc:grpc-protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "1.54.0"
},
{
"fixed": "1.54.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "grpcio"
},
"ranges": [
{
"events": [
{
"introduced": "1.54.0"
},
{
"fixed": "1.54.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "grpc"
},
"ranges": [
{
"events": [
{
"introduced": "1.54.0"
},
{
"fixed": "1.54.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-32732"
],
"database_specific": {
"cwe_ids": [
"CWE-440"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-06T23:56:31Z",
"nvd_published_at": "2023-06-09T11:15:09Z",
"severity": "MODERATE"
},
"details": "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in\u00a0https://github.com/grpc/grpc/pull/32309.",
"id": "GHSA-9hxf-ppjv-w6rq",
"modified": "2025-08-13T15:00:12Z",
"published": "2023-07-06T21:15:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32732"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/pull/32309"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/releases/tag/v1.53.1"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/releases/tag/v1.54.2"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32732.yml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "gRPC connection termination issue"
}
GHSA-9QFW-F49W-5JG7
Vulnerability from github – Published: 2022-10-17 12:00 – Updated: 2022-10-17 12:00WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.
{
"affected": [],
"aliases": [
"CVE-2022-3281"
],
"database_specific": {
"cwe_ids": [
"CWE-440"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-17T09:15:00Z",
"severity": "MODERATE"
},
"details": "WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.",
"id": "GHSA-9qfw-f49w-5jg7",
"modified": "2022-10-17T12:00:27Z",
"published": "2022-10-17T12:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3281"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2022-042"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CFGP-2977-2FMM
Vulnerability from github – Published: 2023-07-05 19:12 – Updated: 2025-08-13 14:56When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.grpc:grpc-protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "1.53.0"
},
{
"fixed": "1.53.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "grpcio"
},
"ranges": [
{
"events": [
{
"introduced": "1.53.0"
},
{
"fixed": "1.53.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "grpc"
},
"ranges": [
{
"events": [
{
"introduced": "1.53.0"
},
{
"fixed": "1.53.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "grpcio"
},
"ranges": [
{
"events": [
{
"introduced": "1.54.0"
},
{
"fixed": "1.54.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "grpc"
},
"ranges": [
{
"events": [
{
"introduced": "1.54.0"
},
{
"fixed": "1.54.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.grpc:grpc-protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "1.54.0"
},
{
"fixed": "1.54.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-32731"
],
"database_specific": {
"cwe_ids": [
"CWE-440"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-05T20:26:48Z",
"nvd_published_at": "2023-06-09T11:15:09Z",
"severity": "HIGH"
},
"details": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.",
"id": "GHSA-cfgp-2977-2fmm",
"modified": "2025-08-13T14:56:11Z",
"published": "2023-07-05T19:12:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32731"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/issues/33463"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/pull/32309"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/pull/33005"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/releases/tag/v1.53.1"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/releases/tag/v1.54.2"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32731.yml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Connection confusion in gRPC"
}
GHSA-FQF6-GXHH-2XHW
Vulnerability from github – Published: 2026-07-07 19:36 – Updated: 2026-07-07 19:36determine_backup_mode in src/uucore/src/lib/features/backup_control.rs only checks --backup/-b and returns BackupMode::None when only --suffix is given. GNU enables backup mode when --suffix is used alone (defaulting to existing/numbered, or $VERSION_CONTROL). Affects cp, install, mv, ln which share this code.
# uutils: no backup created
$ coreutils cp --suffix=.bak src dest # dest.bak NOT created
# GNU: dest.bak created
$ cp --suffix=.bak src dest
Impact: users/scripts relying on --suffix to back up a file before overwrite get silent data loss; breaks GNU compatibility across four utilities. Recommendation: enable backup mode when --suffix is present.
Note: this is primarily a GNU-compatibility/data-safety divergence rather than a classic exploitable vulnerability — review whether it warrants a CVE.
Remediation: Acknowledged by Canonical; fixed in PR #9741 (uucore: use --suffix to enable backup mode), commit 939ab037a, merged 2025-12-21. determine_backup_mode now has a --suffix-alone branch that resolves the mode from $VERSION_CONTROL (defaulting to existing). Released in uucore 0.6.0 and later (vulnerable: < 0.6.0). Regression tests added in the same file: test_backup_mode_suffix_without_backup_option and test_backup_mode_suffix_without_backup_option_with_env_var.
Reported by Zellic in the uutils coreutils Program Security Assessment (prepared for Canonical, Jan 20 2026), audited commit 3a07ffc5a9bd4c283e75afa548ba1f1957bad242. Finding 3.7. Credit: Zellic.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "uucore"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-440",
"CWE-693"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-07T19:36:17Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "`determine_backup_mode` in `src/uucore/src/lib/features/backup_control.rs` only checks `--backup`/`-b` and returns `BackupMode::None` when only `--suffix` is given. GNU enables backup mode when `--suffix` is used alone (defaulting to existing/numbered, or `$VERSION_CONTROL`). Affects `cp`, `install`, `mv`, `ln` which share this code.\n\n```\n# uutils: no backup created\n$ coreutils cp --suffix=.bak src dest # dest.bak NOT created\n# GNU: dest.bak created\n$ cp --suffix=.bak src dest\n```\n\n**Impact:** users/scripts relying on `--suffix` to back up a file before overwrite get silent data loss; breaks GNU compatibility across four utilities. Recommendation: enable backup mode when `--suffix` is present.\n\n_Note: this is primarily a GNU-compatibility/data-safety divergence rather than a classic exploitable vulnerability \u2014 review whether it warrants a CVE._\n\n**Remediation:** Acknowledged by Canonical; fixed in PR #9741 (`uucore: use --suffix to enable backup mode`), commit `939ab037a`, merged 2025-12-21. `determine_backup_mode` now has a `--suffix`-alone branch that resolves the mode from `$VERSION_CONTROL` (defaulting to `existing`). Released in **uucore 0.6.0** and later (vulnerable: `\u003c 0.6.0`). Regression tests added in the same file: `test_backup_mode_suffix_without_backup_option` and `test_backup_mode_suffix_without_backup_option_with_env_var`.\n\n---\n_Reported by Zellic in the *uutils coreutils Program Security Assessment* (prepared for Canonical, Jan 20 2026), audited commit `3a07ffc5a9bd4c283e75afa548ba1f1957bad242`. Finding 3.7. Credit: Zellic._",
"id": "GHSA-fqf6-gxhh-2xhw",
"modified": "2026-07-07T19:36:17Z",
"published": "2026-07-07T19:36:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/security/advisories/GHSA-fqf6-gxhh-2xhw"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/pull/9741"
},
{
"type": "PACKAGE",
"url": "https://github.com/uutils/coreutils"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "uutils coreutils: cp/install/mv/ln --suffix alone does not enable backup mode (silent data loss vs GNU)"
}
GHSA-FVF4-JV3J-73MQ
Vulnerability from github – Published: 2023-05-12 21:30 – Updated: 2025-11-04 18:30A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
{
"affected": [],
"aliases": [
"CVE-2023-2088"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-440"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-12T21:15:09Z",
"severity": "MODERATE"
},
"details": "A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.",
"id": "GHSA-fvf4-jv3j-73mq",
"modified": "2025-11-04T18:30:40Z",
"published": "2023-05-12T21:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2088"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/bugs/2004555"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00015.html"
},
{
"type": "WEB",
"url": "https://security.openstack.org/ossa/OSSA-2023-003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GHWG-GPP4-W4X3
Vulnerability from github – Published: 2024-08-06 12:30 – Updated: 2025-07-22 21:31It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values.
This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.
Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
{
"affected": [],
"aliases": [
"CVE-2024-7246"
],
"database_specific": {
"cwe_ids": [
"CWE-440"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-06T11:16:07Z",
"severity": "MODERATE"
},
"details": "It\u0027s possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It\u0027s also possible to use this vulnerability to leak other clients HTTP header keys, but not values.\n\nThis occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.\n\nPlease update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.",
"id": "GHSA-ghwg-gpp4-w4x3",
"modified": "2025-07-22T21:31:14Z",
"published": "2024-08-06T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7246"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/issues/36245"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.