Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-6581 (GCVE-0-2016-6581)
Vulnerability from cvelistv5
- n/a
URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:28.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "92315", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92315" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-11T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "92315", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92315" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6581", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "92315", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92315" }, { "name": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html", "refsource": "CONFIRM", "url": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6581", "datePublished": "2017-01-10T15:00:00", "dateReserved": "2016-08-03T00:00:00", "dateUpdated": "2024-08-06T01:36:28.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-6581\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-01-10T15:59:00.423\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \\\"HPACK Bomb\\\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.\"},{\"lang\":\"es\",\"value\":\"Una implementaci\u00f3n de HTTP/2 construida usando cualquier versi\u00f3n de la librer\u00eda de Python HPACK entre las versiones v1.0.0 y v2.2.0 podr\u00eda ser atacada por un ataque de denegaci\u00f3n de servicio, especialmente un ataque llamado \\\"HPACK Bomb\\\". Este ataque ocurre cuando un atacante inserta un campo de cabecera que es exactamente del tama\u00f1o de la tabla de cabecera din\u00e1mica HPACK dentro de la tabla de cabecera din\u00e1mica. El atacante puede entonces enviar un bloque de cabecera que simplemente repita solicitudes para expandir ese campo en la tabla din\u00e1mica. Esto puede conducir a un ratio de compresi\u00f3n gigante de 4,096 o mayor, significando que 16kB de datos pueden descomprimirse a 64MB de datos en la m\u00e1quina objetivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:hpack:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"149D1734-DC22-49C7-8989-ED1C72638E4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:hpack:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C4CB9C9-A06D-4D40-935A-71CDEECEDE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:hpack:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE6FFC07-34D1-4654-BDB8-D0DEB238E3EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:hpack:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"212AFC19-357E-430C-BA91-028D4F9943BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:hpack:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0714A00-3404-4900-BFE5-71D5395C0CDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:hyper:0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18CD48D6-EC6C-4D54-8ACE-78C6125B48B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:hyper:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B79FFFB-F324-4B96-9D9D-79643D17B85E\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/92315\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92315\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}" } }
gsd-2016-6581
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2016-6581", "description": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.", "id": "GSD-2016-6581", "references": [ "https://www.suse.com/security/cve/CVE-2016-6581.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2016-6581" ], "details": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.", "id": "GSD-2016-6581", "modified": "2023-12-13T01:21:22.929024Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6581", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "92315", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92315" }, { "name": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html", "refsource": "CONFIRM", "url": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c2.3.0", "affected_versions": "All versions before 2.3.0", "credit": "Cory Benfield", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-399", "CWE-937" ], "date": "2017-01-27", "description": "An HTTP/2 implementation built using the priority library could be targetted for a denial of service attack based on HPACK, specifically a so-called \"HPACK Bomb\" attack.", "fixed_versions": [ "2.3.0" ], "identifier": "CVE-2016-6581", "identifiers": [ "CVE-2016-6581" ], "package_slug": "pypi/hpack", "pubdate": "2017-01-10", "solution": "Upgrade to latest or apply patches.", "title": "DoS via HPACK bomb attack", "urls": [ "http://www.imperva.com/docs/Imperva_HII_HTTP2.pdf", "https://github.com/python-hyper/hpack/pull/56" ], "uuid": "95528c18-ba05-4293-9365-adbfd43e5b6a" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:python:hyper:0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:hyper:0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:hpack:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:hpack:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:hpack:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:hpack:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:hpack:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6581" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html", "refsource": "CONFIRM", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html" }, { "name": "92315", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92315" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": true, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2017-01-27T19:41Z", "publishedDate": "2017-01-10T15:59Z" } } }
opensuse-su-2024:11230-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "python36-hpack-4.0.0-1.6 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the python36-hpack-4.0.0-1.6 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-11230", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11230-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2016-6581 page", "url": "https://www.suse.com/security/cve/CVE-2016-6581/" } ], "title": "python36-hpack-4.0.0-1.6 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:11230-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "python36-hpack-4.0.0-1.6.aarch64", "product": { "name": "python36-hpack-4.0.0-1.6.aarch64", "product_id": "python36-hpack-4.0.0-1.6.aarch64" } }, { "category": "product_version", "name": "python38-hpack-4.0.0-1.6.aarch64", "product": { "name": "python38-hpack-4.0.0-1.6.aarch64", "product_id": "python38-hpack-4.0.0-1.6.aarch64" } }, { "category": "product_version", "name": "python39-hpack-4.0.0-1.6.aarch64", "product": { "name": "python39-hpack-4.0.0-1.6.aarch64", "product_id": "python39-hpack-4.0.0-1.6.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "python36-hpack-4.0.0-1.6.ppc64le", "product": { "name": "python36-hpack-4.0.0-1.6.ppc64le", "product_id": "python36-hpack-4.0.0-1.6.ppc64le" } }, { "category": "product_version", "name": "python38-hpack-4.0.0-1.6.ppc64le", "product": { "name": "python38-hpack-4.0.0-1.6.ppc64le", "product_id": "python38-hpack-4.0.0-1.6.ppc64le" } }, { "category": "product_version", "name": "python39-hpack-4.0.0-1.6.ppc64le", "product": { "name": "python39-hpack-4.0.0-1.6.ppc64le", "product_id": "python39-hpack-4.0.0-1.6.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "python36-hpack-4.0.0-1.6.s390x", "product": { "name": "python36-hpack-4.0.0-1.6.s390x", "product_id": "python36-hpack-4.0.0-1.6.s390x" } }, { "category": "product_version", "name": "python38-hpack-4.0.0-1.6.s390x", "product": { "name": "python38-hpack-4.0.0-1.6.s390x", "product_id": "python38-hpack-4.0.0-1.6.s390x" } }, { "category": "product_version", "name": "python39-hpack-4.0.0-1.6.s390x", "product": { "name": "python39-hpack-4.0.0-1.6.s390x", "product_id": "python39-hpack-4.0.0-1.6.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "python36-hpack-4.0.0-1.6.x86_64", "product": { "name": "python36-hpack-4.0.0-1.6.x86_64", "product_id": "python36-hpack-4.0.0-1.6.x86_64" } }, { "category": "product_version", "name": "python38-hpack-4.0.0-1.6.x86_64", "product": { "name": "python38-hpack-4.0.0-1.6.x86_64", "product_id": "python38-hpack-4.0.0-1.6.x86_64" } }, { "category": "product_version", "name": "python39-hpack-4.0.0-1.6.x86_64", "product": { "name": "python39-hpack-4.0.0-1.6.x86_64", "product_id": "python39-hpack-4.0.0-1.6.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python36-hpack-4.0.0-1.6.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.aarch64" }, "product_reference": "python36-hpack-4.0.0-1.6.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python36-hpack-4.0.0-1.6.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.ppc64le" }, "product_reference": "python36-hpack-4.0.0-1.6.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python36-hpack-4.0.0-1.6.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.s390x" }, "product_reference": "python36-hpack-4.0.0-1.6.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python36-hpack-4.0.0-1.6.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.x86_64" }, "product_reference": "python36-hpack-4.0.0-1.6.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python38-hpack-4.0.0-1.6.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.aarch64" }, "product_reference": "python38-hpack-4.0.0-1.6.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python38-hpack-4.0.0-1.6.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.ppc64le" }, "product_reference": "python38-hpack-4.0.0-1.6.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python38-hpack-4.0.0-1.6.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.s390x" }, "product_reference": "python38-hpack-4.0.0-1.6.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python38-hpack-4.0.0-1.6.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.x86_64" }, "product_reference": "python38-hpack-4.0.0-1.6.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python39-hpack-4.0.0-1.6.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.aarch64" }, "product_reference": "python39-hpack-4.0.0-1.6.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python39-hpack-4.0.0-1.6.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.ppc64le" }, "product_reference": "python39-hpack-4.0.0-1.6.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python39-hpack-4.0.0-1.6.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.s390x" }, "product_reference": "python39-hpack-4.0.0-1.6.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python39-hpack-4.0.0-1.6.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.x86_64" }, "product_reference": "python39-hpack-4.0.0-1.6.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-6581", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-6581" } ], "notes": [ { "category": "general", "text": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.aarch64", "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.ppc64le", "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.s390x", "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.x86_64", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.aarch64", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.ppc64le", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.s390x", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.x86_64", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.aarch64", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.ppc64le", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.s390x", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-6581", "url": "https://www.suse.com/security/cve/CVE-2016-6581" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.aarch64", "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.ppc64le", "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.s390x", "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.x86_64", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.aarch64", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.ppc64le", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.s390x", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.x86_64", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.aarch64", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.ppc64le", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.s390x", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.aarch64", "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.ppc64le", "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.s390x", "openSUSE Tumbleweed:python36-hpack-4.0.0-1.6.x86_64", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.aarch64", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.ppc64le", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.s390x", "openSUSE Tumbleweed:python38-hpack-4.0.0-1.6.x86_64", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.aarch64", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.ppc64le", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.s390x", "openSUSE Tumbleweed:python39-hpack-4.0.0-1.6.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2016-6581" } ] }
opensuse-su-2024:14140-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "python310-hpack-4.0.0-2.7 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the python310-hpack-4.0.0-2.7 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-14140", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14140-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2016-6581 page", "url": "https://www.suse.com/security/cve/CVE-2016-6581/" } ], "title": "python310-hpack-4.0.0-2.7 on GA media", "tracking": { "current_release_date": "2024-07-12T00:00:00Z", "generator": { "date": "2024-07-12T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:14140-1", "initial_release_date": "2024-07-12T00:00:00Z", "revision_history": [ { "date": "2024-07-12T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "python310-hpack-4.0.0-2.7.aarch64", "product": { "name": "python310-hpack-4.0.0-2.7.aarch64", "product_id": "python310-hpack-4.0.0-2.7.aarch64" } }, { "category": "product_version", "name": "python311-hpack-4.0.0-2.7.aarch64", "product": { "name": "python311-hpack-4.0.0-2.7.aarch64", "product_id": "python311-hpack-4.0.0-2.7.aarch64" } }, { "category": "product_version", "name": "python312-hpack-4.0.0-2.7.aarch64", "product": { "name": "python312-hpack-4.0.0-2.7.aarch64", "product_id": "python312-hpack-4.0.0-2.7.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "python310-hpack-4.0.0-2.7.ppc64le", "product": { "name": "python310-hpack-4.0.0-2.7.ppc64le", "product_id": "python310-hpack-4.0.0-2.7.ppc64le" } }, { "category": "product_version", "name": "python311-hpack-4.0.0-2.7.ppc64le", "product": { "name": "python311-hpack-4.0.0-2.7.ppc64le", "product_id": "python311-hpack-4.0.0-2.7.ppc64le" } }, { "category": "product_version", "name": "python312-hpack-4.0.0-2.7.ppc64le", "product": { "name": "python312-hpack-4.0.0-2.7.ppc64le", "product_id": "python312-hpack-4.0.0-2.7.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "python310-hpack-4.0.0-2.7.s390x", "product": { "name": "python310-hpack-4.0.0-2.7.s390x", "product_id": "python310-hpack-4.0.0-2.7.s390x" } }, { "category": "product_version", "name": "python311-hpack-4.0.0-2.7.s390x", "product": { "name": "python311-hpack-4.0.0-2.7.s390x", "product_id": "python311-hpack-4.0.0-2.7.s390x" } }, { "category": "product_version", "name": "python312-hpack-4.0.0-2.7.s390x", "product": { "name": "python312-hpack-4.0.0-2.7.s390x", "product_id": "python312-hpack-4.0.0-2.7.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "python310-hpack-4.0.0-2.7.x86_64", "product": { "name": "python310-hpack-4.0.0-2.7.x86_64", "product_id": "python310-hpack-4.0.0-2.7.x86_64" } }, { "category": "product_version", "name": "python311-hpack-4.0.0-2.7.x86_64", "product": { "name": "python311-hpack-4.0.0-2.7.x86_64", "product_id": "python311-hpack-4.0.0-2.7.x86_64" } }, { "category": "product_version", "name": "python312-hpack-4.0.0-2.7.x86_64", "product": { "name": "python312-hpack-4.0.0-2.7.x86_64", "product_id": "python312-hpack-4.0.0-2.7.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python310-hpack-4.0.0-2.7.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.aarch64" }, "product_reference": "python310-hpack-4.0.0-2.7.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python310-hpack-4.0.0-2.7.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.ppc64le" }, "product_reference": "python310-hpack-4.0.0-2.7.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python310-hpack-4.0.0-2.7.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.s390x" }, "product_reference": "python310-hpack-4.0.0-2.7.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python310-hpack-4.0.0-2.7.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.x86_64" }, "product_reference": "python310-hpack-4.0.0-2.7.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python311-hpack-4.0.0-2.7.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.aarch64" }, "product_reference": "python311-hpack-4.0.0-2.7.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python311-hpack-4.0.0-2.7.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.ppc64le" }, "product_reference": "python311-hpack-4.0.0-2.7.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python311-hpack-4.0.0-2.7.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.s390x" }, "product_reference": "python311-hpack-4.0.0-2.7.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python311-hpack-4.0.0-2.7.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.x86_64" }, "product_reference": "python311-hpack-4.0.0-2.7.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python312-hpack-4.0.0-2.7.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.aarch64" }, "product_reference": "python312-hpack-4.0.0-2.7.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python312-hpack-4.0.0-2.7.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.ppc64le" }, "product_reference": "python312-hpack-4.0.0-2.7.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python312-hpack-4.0.0-2.7.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.s390x" }, "product_reference": "python312-hpack-4.0.0-2.7.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python312-hpack-4.0.0-2.7.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.x86_64" }, "product_reference": "python312-hpack-4.0.0-2.7.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-6581", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-6581" } ], "notes": [ { "category": "general", "text": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.aarch64", "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.ppc64le", "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.s390x", "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.x86_64", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.aarch64", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.ppc64le", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.s390x", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.x86_64", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.aarch64", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.ppc64le", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.s390x", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-6581", "url": "https://www.suse.com/security/cve/CVE-2016-6581" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.aarch64", "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.ppc64le", "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.s390x", "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.x86_64", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.aarch64", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.ppc64le", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.s390x", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.x86_64", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.aarch64", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.ppc64le", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.s390x", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.aarch64", "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.ppc64le", "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.s390x", "openSUSE Tumbleweed:python310-hpack-4.0.0-2.7.x86_64", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.aarch64", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.ppc64le", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.s390x", "openSUSE Tumbleweed:python311-hpack-4.0.0-2.7.x86_64", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.aarch64", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.ppc64le", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.s390x", "openSUSE Tumbleweed:python312-hpack-4.0.0-2.7.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-07-12T00:00:00Z", "details": "important" } ], "title": "CVE-2016-6581" } ] }
fkie_cve-2016-6581
Vulnerability from fkie_nvd
URL | Tags | ||
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/92315 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92315 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html | Mitigation, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:python:hpack:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "149D1734-DC22-49C7-8989-ED1C72638E4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:hpack:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C4CB9C9-A06D-4D40-935A-71CDEECEDE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:hpack:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE6FFC07-34D1-4654-BDB8-D0DEB238E3EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:hpack:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "212AFC19-357E-430C-BA91-028D4F9943BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:hpack:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0714A00-3404-4900-BFE5-71D5395C0CDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:hyper:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "18CD48D6-EC6C-4D54-8ACE-78C6125B48B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:hyper:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B79FFFB-F324-4B96-9D9D-79643D17B85E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine." }, { "lang": "es", "value": "Una implementaci\u00f3n de HTTP/2 construida usando cualquier versi\u00f3n de la librer\u00eda de Python HPACK entre las versiones v1.0.0 y v2.2.0 podr\u00eda ser atacada por un ataque de denegaci\u00f3n de servicio, especialmente un ataque llamado \"HPACK Bomb\". Este ataque ocurre cuando un atacante inserta un campo de cabecera que es exactamente del tama\u00f1o de la tabla de cabecera din\u00e1mica HPACK dentro de la tabla de cabecera din\u00e1mica. El atacante puede entonces enviar un bloque de cabecera que simplemente repita solicitudes para expandir ese campo en la tabla din\u00e1mica. Esto puede conducir a un ratio de compresi\u00f3n gigante de 4,096 o mayor, significando que 16kB de datos pueden descomprimirse a 64MB de datos en la m\u00e1quina objetivo." } ], "id": "CVE-2016-6581", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-10T15:59:00.423", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92315" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-ffq8-576r-v26g
Vulnerability from github
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "hpack" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "2.3.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2016-6581" ], "database_specific": { "cwe_ids": [], "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:34:33Z", "nvd_published_at": null, "severity": "HIGH" }, "details": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.", "id": "GHSA-ffq8-576r-v26g", "modified": "2024-09-20T21:39:26Z", "published": "2019-07-05T21:11:05Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6581" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-ffq8-576r-v26g" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/hpack/PYSEC-2017-87.yaml" }, { "type": "PACKAGE", "url": "https://github.com/python-hyper/hpack" }, { "type": "WEB", "url": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html" }, { "type": "WEB", "url": "https://web.archive.org/web/20200227233559/http://www.securityfocus.com/bid/92315" }, { "type": "WEB", "url": "http://python-hyper.org/projects/hpack/en/stable/security/CVE-2016-6581.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "HPACK Denial of Service vulnerability (HPACK Bomb)" }
CERTFR-2022-AVI-267
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneVendor | Product | Description | ||
---|---|---|---|---|
Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1", "product": { "name": "Junos Space", "vendor": { "name": "Juniper Networks", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2017-13078", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078" }, { "name": "CVE-2017-13077", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077" }, { "name": "CVE-2017-13080", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080" }, { "name": "CVE-2017-13082", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13082" }, { "name": "CVE-2017-13088", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13088" }, { "name": "CVE-2017-13086", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13086" }, { "name": "CVE-2017-13087", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13087" }, { "name": "CVE-2017-5715", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715" }, { "name": "CVE-2018-3639", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639" }, { "name": "CVE-2007-1351", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351" }, { "name": "CVE-2007-1352", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352" }, { "name": "CVE-2007-6284", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6284" }, { "name": "CVE-2008-2935", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2935" }, { "name": "CVE-2008-3281", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281" }, { "name": "CVE-2008-3529", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529" }, { "name": "CVE-2008-4226", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226" }, { "name": "CVE-2008-4225", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225" }, { "name": "CVE-2009-2414", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414" }, { "name": "CVE-2009-2416", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416" }, { "name": "CVE-2008-5161", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161" }, { "name": "CVE-2010-4008", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008" }, { "name": "CVE-2011-0411", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411" }, { "name": "CVE-2011-1720", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1720" }, { "name": "CVE-2011-0216", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216" }, { "name": "CVE-2011-2834", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834" }, { "name": "CVE-2011-2895", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895" }, { "name": "CVE-2011-3905", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905" }, { "name": "CVE-2011-3919", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919" }, { "name": "CVE-2012-0841", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841" }, { "name": "CVE-2011-1944", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944" }, { "name": "CVE-2012-2807", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807" }, { "name": "CVE-2012-2870", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870" }, { "name": "CVE-2012-5134", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134" }, { "name": "CVE-2011-3102", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102" }, { "name": "CVE-2013-2877", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2877" }, { "name": "CVE-2013-0338", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0338" }, { "name": "CVE-2012-6139", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139" }, { "name": "CVE-2013-2566", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566" }, { "name": "CVE-2013-6462", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6462" }, { "name": "CVE-2014-0211", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0211" }, { "name": "CVE-2014-3660", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660" }, { "name": "CVE-2015-1803", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1803" }, { "name": "CVE-2015-1804", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1804" }, { "name": "CVE-2015-1802", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1802" }, { "name": "CVE-2015-2716", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2716" }, { "name": "CVE-2015-5352", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352" }, { "name": "CVE-2015-2808", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808" }, { "name": "CVE-2014-8991", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8991" }, { "name": "CVE-2014-7185", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7185" }, { "name": "CVE-2014-9365", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9365" }, { "name": "CVE-2015-6838", "url": "https://www.cve.org/CVERecord?id=CVE-2015-6838" }, { "name": "CVE-2015-6837", "url": "https://www.cve.org/CVERecord?id=CVE-2015-6837" }, { "name": "CVE-2015-7995", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995" }, { "name": "CVE-2015-8035", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035" }, { "name": "CVE-2015-7499", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499" }, { "name": "CVE-2015-8242", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242" }, { "name": "CVE-2015-7500", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500" }, { "name": "CVE-2016-1762", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762" }, { "name": "CVE-2015-5312", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312" }, { "name": "CVE-2016-1839", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839" }, { "name": "CVE-2016-1833", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833" }, { "name": "CVE-2016-1837", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837" }, { "name": "CVE-2016-1834", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834" }, { "name": "CVE-2016-1840", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840" }, { "name": "CVE-2016-1836", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836" }, { "name": "CVE-2016-1838", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838" }, { "name": "CVE-2016-1684", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684" }, { "name": "CVE-2016-1683", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683" }, { "name": "CVE-2016-4448", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448" }, { "name": "CVE-2016-4447", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447" }, { "name": "CVE-2016-4449", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449" }, { "name": "CVE-2016-5131", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131" }, { "name": "CVE-2015-0975", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0975" }, { "name": "CVE-2016-4658", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658" }, { "name": "CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "name": "CVE-2016-3627", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627" }, { "name": "CVE-2016-3115", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3115" }, { "name": "CVE-2016-5636", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5636" }, { "name": "CVE-2017-7375", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375" }, { "name": "CVE-2017-7376", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7376" }, { "name": "CVE-2017-7773", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773" }, { "name": "CVE-2017-7772", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772" }, { "name": "CVE-2017-7778", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778" }, { "name": "CVE-2017-7771", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771" }, { "name": "CVE-2017-7774", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774" }, { "name": "CVE-2017-7776", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776" }, { "name": "CVE-2017-7777", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777" }, { "name": "CVE-2017-7775", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775" }, { "name": "CVE-2017-6463", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6463" }, { "name": "CVE-2017-6462", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6462" }, { "name": "CVE-2017-6464", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6464" }, { "name": "CVE-2017-14492", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14492" }, { "name": "CVE-2017-14496", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14496" }, { "name": "CVE-2017-14491", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491" }, { "name": "CVE-2017-14493", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14493" }, { "name": "CVE-2017-14494", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14494" }, { "name": "CVE-2017-14495", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14495" }, { "name": "CVE-2017-5130", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5130" }, { "name": "CVE-2017-3736", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736" }, { "name": "CVE-2017-3735", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735" }, { "name": "CVE-2017-15412", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15412" }, { "name": "CVE-2017-3738", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738" }, { "name": "CVE-2017-3737", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737" }, { "name": "CVE-2017-17807", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17807" }, { "name": "CVE-2018-0739", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739" }, { "name": "CVE-2017-16931", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931" }, { "name": "CVE-2018-11214", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214" }, { "name": "CVE-2015-9019", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019" }, { "name": "CVE-2017-18258", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258" }, { "name": "CVE-2017-16932", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932" }, { "name": "CVE-2016-9318", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318" }, { "name": "CVE-2018-1000120", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120" }, { "name": "CVE-2018-1000007", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007" }, { "name": "CVE-2018-1000121", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121" }, { "name": "CVE-2018-1000122", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122" }, { "name": "CVE-2018-0732", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732" }, { "name": "CVE-2018-6914", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6914" }, { "name": "CVE-2017-0898", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0898" }, { "name": "CVE-2018-8778", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8778" }, { "name": "CVE-2017-14033", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14033" }, { "name": "CVE-2018-8780", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780" }, { "name": "CVE-2017-17742", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17742" }, { "name": "CVE-2017-10784", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784" }, { "name": "CVE-2017-17405", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17405" }, { "name": "CVE-2018-8779", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8779" }, { "name": "CVE-2017-14064", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064" }, { "name": "CVE-2018-8777", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8777" }, { "name": "CVE-2018-16395", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395" }, { "name": "CVE-2018-0737", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737" }, { "name": "CVE-2018-16396", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396" }, { "name": "CVE-2018-0495", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495" }, { "name": "CVE-2018-0734", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734" }, { "name": "CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "name": "CVE-2018-1126", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1126" }, { "name": "CVE-2018-7858", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7858" }, { "name": "CVE-2018-1124", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1124" }, { "name": "CVE-2018-10897", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10897" }, { "name": "CVE-2018-1064", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1064" }, { "name": "CVE-2018-5683", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5683" }, { "name": "CVE-2017-13672", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13672" }, { "name": "CVE-2018-11212", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11212" }, { "name": "CVE-2017-18267", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18267" }, { "name": "CVE-2018-13988", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13988" }, { "name": "CVE-2018-20169", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20169" }, { "name": "CVE-2018-19985", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19985" }, { "name": "CVE-2019-1559", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559" }, { "name": "CVE-2019-6133", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6133" }, { "name": "CVE-2018-18311", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18311" }, { "name": "CVE-2018-12127", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127" }, { "name": "CVE-2018-12130", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130" }, { "name": "CVE-2019-11091", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091" }, { "name": "CVE-2018-12126", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126" }, { "name": "CVE-2019-9503", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503" }, { "name": "CVE-2019-10132", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10132" }, { "name": "CVE-2019-11190", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11190" }, { "name": "CVE-2019-11884", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11884" }, { "name": "CVE-2019-11487", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11487" }, { "name": "CVE-2019-12382", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12382" }, { "name": "CVE-2018-7191", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7191" }, { "name": "CVE-2019-5953", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5953" }, { "name": "CVE-2019-12614", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12614" }, { "name": "CVE-2019-11729", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11729" }, { "name": "CVE-2019-11727", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727" }, { "name": "CVE-2019-11719", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719" }, { "name": "CVE-2018-1060", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1060" }, { "name": "CVE-2018-12327", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12327" }, { "name": "CVE-2018-1061", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1061" }, { "name": "CVE-2019-10639", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10639" }, { "name": "CVE-2019-10638", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10638" }, { "name": "CVE-2018-20836", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20836" }, { "name": "CVE-2019-13233", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13233" }, { "name": "CVE-2019-14283", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14283" }, { "name": "CVE-2019-13648", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13648" }, { "name": "CVE-2019-10207", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10207" }, { "name": "CVE-2015-9289", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9289" }, { "name": "CVE-2019-14816", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14816" }, { "name": "CVE-2019-15239", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15239" }, { "name": "CVE-2019-15917", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15917" }, { "name": "CVE-2017-18551", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18551" }, { "name": "CVE-2019-15217", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15217" }, { "name": "CVE-2019-14821", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14821" }, { "name": "CVE-2019-11068", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11068" }, { "name": "CVE-2018-18066", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18066" }, { "name": "CVE-2019-15903", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15903" }, { "name": "CVE-2019-17666", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17666" }, { "name": "CVE-2019-17133", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17133" }, { "name": "CVE-2018-12207", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207" }, { "name": "CVE-2019-11135", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135" }, { "name": "CVE-2019-0154", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0154" }, { "name": "CVE-2019-17055", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17055" }, { "name": "CVE-2019-17053", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17053" }, { "name": "CVE-2019-16746", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746" }, { "name": "CVE-2019-0155", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0155" }, { "name": "CVE-2019-16233", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16233" }, { "name": "CVE-2019-15807", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15807" }, { "name": "CVE-2019-16231", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231" }, { "name": "CVE-2019-11756", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756" }, { "name": "CVE-2019-11745", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745" }, { "name": "CVE-2019-19058", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19058" }, { "name": "CVE-2019-14895", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14895" }, { "name": "CVE-2019-19046", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19046" }, { "name": "CVE-2019-15916", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15916" }, { "name": "CVE-2019-18660", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18660" }, { "name": "CVE-2019-19063", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19063" }, { "name": "CVE-2019-19062", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19062" }, { "name": "CVE-2018-14526", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14526" }, { "name": "CVE-2019-13734", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13734" }, { "name": "CVE-2019-19530", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19530" }, { "name": "CVE-2019-19534", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19534" }, { "name": "CVE-2019-19524", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19524" }, { "name": "CVE-2019-14901", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14901" }, { "name": "CVE-2019-19537", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19537" }, { "name": "CVE-2019-19523", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19523" }, { "name": "CVE-2019-19338", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19338" }, { "name": "CVE-2019-19332", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19332" }, { "name": "CVE-2019-19527", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19527" }, { "name": "CVE-2019-18808", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18808" }, { "name": "CVE-2019-19767", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19767" }, { "name": "CVE-2019-19807", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19807" }, { "name": "CVE-2019-19055", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19055" }, { "name": "CVE-2019-17023", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023" }, { "name": "CVE-2019-9824", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824" }, { "name": "CVE-2019-9636", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636" }, { "name": "CVE-2019-12749", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749" }, { "name": "CVE-2019-19447", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19447" }, { "name": "CVE-2019-20095", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20095" }, { "name": "CVE-2019-20054", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20054" }, { "name": "CVE-2019-18634", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634" }, { "name": "CVE-2019-14898", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14898" }, { "name": "CVE-2019-16994", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16994" }, { "name": "CVE-2019-18282", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18282" }, { "name": "CVE-2020-2732", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2732" }, { "name": "CVE-2019-19059", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19059" }, { "name": "CVE-2019-3901", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3901" }, { "name": "CVE-2020-9383", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9383" }, { "name": "CVE-2020-8647", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8647" }, { "name": "CVE-2020-8649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8649" }, { "name": "CVE-2020-1749", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1749" }, { "name": "CVE-2019-9458", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9458" }, { "name": "CVE-2020-10942", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10942" }, { "name": "CVE-2019-9454", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9454" }, { "name": "CVE-2020-11565", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11565" }, { "name": "CVE-2020-10690", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10690" }, { "name": "CVE-2020-10751", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10751" }, { "name": "CVE-2020-12826", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12826" }, { "name": "CVE-2020-12654", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12654" }, { "name": "CVE-2020-10732", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10732" }, { "name": "CVE-2019-20636", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20636" }, { "name": "CVE-2019-20811", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20811" }, { "name": "CVE-2020-12653", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12653" }, { "name": "CVE-2020-10757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10757" }, { "name": "CVE-2020-12770", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12770" }, { "name": "CVE-2020-12888", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12888" }, { "name": "CVE-2020-12402", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12402" }, { "name": "CVE-2018-16881", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16881" }, { "name": "CVE-2018-19519", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19519" }, { "name": "CVE-2020-10713", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713" }, { "name": "CVE-2020-14311", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311" }, { "name": "CVE-2020-14309", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309" }, { "name": "CVE-2020-15706", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706" }, { "name": "CVE-2020-14308", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308" }, { "name": "CVE-2020-14310", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310" }, { "name": "CVE-2020-15705", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705" }, { "name": "CVE-2020-15707", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707" }, { "name": "CVE-2020-14331", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14331" }, { "name": "CVE-2020-10769", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10769" }, { "name": "CVE-2020-14364", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14364" }, { "name": "CVE-2020-12400", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400" }, { "name": "CVE-2020-12401", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401" }, { "name": "CVE-2020-6829", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829" }, { "name": "CVE-2020-14314", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314" }, { "name": "CVE-2020-24394", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24394" }, { "name": "CVE-2020-25212", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25212" }, { "name": "CVE-2020-14305", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305" }, { "name": "CVE-2020-10742", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10742" }, { "name": "CVE-2020-14385", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385" }, { "name": "CVE-2020-25643", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25643" }, { "name": "CVE-2020-15999", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15999" }, { "name": "CVE-2018-20843", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20843" }, { "name": "CVE-2018-5729", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5729" }, { "name": "CVE-2018-5730", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5730" }, { "name": "CVE-2020-13817", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13817" }, { "name": "CVE-2020-11868", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11868" }, { "name": "CVE-2021-3156", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156" }, { "name": "CVE-2019-17006", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006" }, { "name": "CVE-2019-13232", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13232" }, { "name": "CVE-2020-10531", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10531" }, { "name": "CVE-2019-8696", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8696" }, { "name": "CVE-2019-20907", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20907" }, { "name": "CVE-2019-8675", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8675" }, { "name": "CVE-2017-12652", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12652" }, { "name": "CVE-2019-12450", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12450" }, { "name": "CVE-2020-12825", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12825" }, { "name": "CVE-2020-12243", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12243" }, { "name": "CVE-2019-14866", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14866" }, { "name": "CVE-2020-1983", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1983" }, { "name": "CVE-2019-5188", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5188" }, { "name": "CVE-2019-5094", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5094" }, { "name": "CVE-2020-10754", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10754" }, { "name": "CVE-2020-12049", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12049" }, { "name": "CVE-2019-14822", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14822" }, { "name": "CVE-2020-14363", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14363" }, { "name": "CVE-2019-9924", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9924" }, { "name": "CVE-2018-18751", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18751" }, { "name": "CVE-2019-9948", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9948" }, { "name": "CVE-2019-20386", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20386" }, { "name": "CVE-2017-13722", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13722" }, { "name": "CVE-2014-0210", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0210" }, { "name": "CVE-2018-16403", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16403" }, { "name": "CVE-2018-15746", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15746" }, { "name": "CVE-2014-6272", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6272" }, { "name": "CVE-2019-7638", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7638" }, { "name": "CVE-2015-8241", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8241" }, { "name": "CVE-2019-10155", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10155" }, { "name": "CVE-2018-11813", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11813" }, { "name": "CVE-2018-18310", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18310" }, { "name": "CVE-2018-1084", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1084" }, { "name": "CVE-2020-12662", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12662" }, { "name": "CVE-2012-4423", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4423" }, { "name": "CVE-2017-0902", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0902" }, { "name": "CVE-2018-8945", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8945" }, { "name": "CVE-2017-0899", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0899" }, { "name": "CVE-2010-2239", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2239" }, { "name": "CVE-2010-2242", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2242" }, { "name": "CVE-2017-14167", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14167" }, { "name": "CVE-2015-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0225" }, { "name": "CVE-2019-11324", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324" }, { "name": "CVE-2013-6458", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6458" }, { "name": "CVE-2018-1000075", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075" }, { "name": "CVE-2018-15857", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15857" }, { "name": "CVE-2018-16062", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16062" }, { "name": "CVE-2018-10534", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10534" }, { "name": "CVE-2014-0179", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0179" }, { "name": "CVE-2018-18384", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18384" }, { "name": "CVE-2013-1766", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1766" }, { "name": "CVE-2016-6580", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6580" }, { "name": "CVE-2018-12697", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12697" }, { "name": "CVE-2018-1000301", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301" }, { "name": "CVE-2019-11236", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236" }, { "name": "CVE-2019-12155", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12155" }, { "name": "CVE-2017-0900", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0900" }, { "name": "CVE-2014-3598", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3598" }, { "name": "CVE-2017-1000050", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050" }, { "name": "CVE-2018-10535", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10535" }, { "name": "CVE-2019-3820", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3820" }, { "name": "CVE-2018-16402", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16402" }, { "name": "CVE-2018-1116", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1116" }, { "name": "CVE-2018-15853", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15853" }, { "name": "CVE-2019-14378", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14378" }, { "name": "CVE-2016-1494", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1494" }, { "name": "CVE-2019-12312", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12312" }, { "name": "CVE-2013-0339", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0339" }, { "name": "CVE-2019-16935", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16935" }, { "name": "CVE-2015-6525", "url": "https://www.cve.org/CVERecord?id=CVE-2015-6525" }, { "name": "CVE-2016-6581", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6581" }, { "name": "CVE-2013-4520", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4520" }, { "name": "CVE-2014-3633", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3633" }, { "name": "CVE-2014-3004", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3004" }, { "name": "CVE-2015-9381", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9381" }, { "name": "CVE-2016-5361", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5361" }, { "name": "CVE-2018-14598", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14598" }, { "name": "CVE-2014-1447", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1447" }, { "name": "CVE-2018-20852", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20852" }, { "name": "CVE-2012-2693", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2693" }, { "name": "CVE-2018-7208", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7208" }, { "name": "CVE-2018-12910", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12910" }, { "name": "CVE-2019-8325", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8325" }, { "name": "CVE-2015-7497", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7497" }, { "name": "CVE-2019-7665", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7665" }, { "name": "CVE-2018-15854", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15854" }, { "name": "CVE-2019-13404", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13404" }, { "name": "CVE-2015-5160", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5160" }, { "name": "CVE-2018-10767", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10767" }, { "name": "CVE-2018-7550", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7550" }, { "name": "CVE-2016-3076", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3076" }, { "name": "CVE-2018-14404", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14404" }, { "name": "CVE-2018-18521", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18521" }, { "name": "CVE-2018-19788", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19788" }, { "name": "CVE-2019-8322", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8322" }, { "name": "CVE-2019-3840", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3840" }, { "name": "CVE-2016-9189", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9189" }, { "name": "CVE-2015-9262", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262" }, { "name": "CVE-2018-14647", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14647" }, { "name": "CVE-2019-17041", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041" }, { "name": "CVE-2019-14906", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14906" }, { "name": "CVE-2018-1000073", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073" }, { "name": "CVE-2019-9947", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9947" }, { "name": "CVE-2017-1000158", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158" }, { "name": "CVE-2019-7635", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7635" }, { "name": "CVE-2019-7576", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7576" }, { "name": "CVE-2019-14834", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14834" }, { "name": "CVE-2018-15855", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15855" }, { "name": "CVE-2019-7149", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7149" }, { "name": "CVE-2018-7642", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7642" }, { "name": "CVE-2019-5010", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5010" }, { "name": "CVE-2018-12641", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12641" }, { "name": "CVE-2021-3396", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3396" }, { "name": "CVE-2020-12403", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403" }, { "name": "CVE-2017-15268", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15268" }, { "name": "CVE-2018-15587", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15587" }, { "name": "CVE-2016-10746", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10746" }, { "name": "CVE-2017-13711", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13711" }, { "name": "CVE-2014-8131", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8131" }, { "name": "CVE-2014-9601", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9601" }, { "name": "CVE-2014-3657", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3657" }, { "name": "CVE-2018-10373", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10373" }, { "name": "CVE-2017-17790", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17790" }, { "name": "CVE-2011-2511", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2511" }, { "name": "CVE-2018-1000802", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802" }, { "name": "CVE-2017-7555", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7555" }, { "name": "CVE-2016-9015", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9015" }, { "name": "CVE-2017-13720", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13720" }, { "name": "CVE-2018-11782", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11782" }, { "name": "CVE-2017-11671", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11671" }, { "name": "CVE-2017-10664", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10664" }, { "name": "CVE-2018-11213", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11213" }, { "name": "CVE-2013-6457", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6457" }, { "name": "CVE-2019-10138", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10138" }, { "name": "CVE-2019-7578", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7578" }, { "name": "CVE-2020-7039", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7039" }, { "name": "CVE-2017-11368", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11368" }, { "name": "CVE-2018-0494", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0494" }, { "name": "CVE-2019-20485", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20485" }, { "name": "CVE-2003-1418", "url": "https://www.cve.org/CVERecord?id=CVE-2003-1418" }, { "name": "CVE-2017-15289", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15289" }, { "name": "CVE-2016-5391", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5391" }, { "name": "CVE-2017-2810", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2810" }, { "name": "CVE-2018-15864", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15864" }, { "name": "CVE-2017-18207", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18207" }, { "name": "CVE-2019-12761", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12761" }, { "name": "CVE-2013-5651", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5651" }, { "name": "CVE-2017-17522", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17522" }, { "name": "CVE-2019-20382", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20382" }, { "name": "CVE-2016-2533", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2533" }, { "name": "CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "name": "CVE-2018-18520", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18520" }, { "name": "CVE-2019-9740", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740" }, { "name": "CVE-2019-7575", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7575" }, { "name": "CVE-2015-5652", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5652" }, { "name": "CVE-2019-7572", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7572" }, { "name": "CVE-2017-6519", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6519" }, { "name": "CVE-2018-10906", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10906" }, { "name": "CVE-2018-15863", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15863" }, { "name": "CVE-2018-15862", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15862" }, { "name": "CVE-2018-1000079", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079" }, { "name": "CVE-2019-7664", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7664" }, { "name": "CVE-2017-5992", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5992" }, { "name": "CVE-2019-16865", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16865" }, { "name": "CVE-2019-8324", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8324" }, { "name": "CVE-2018-1000076", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076" }, { "name": "CVE-2018-1000030", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030" }, { "name": "CVE-2018-1000074", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074" }, { "name": "CVE-2017-0901", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0901" }, { "name": "CVE-2018-7568", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7568" }, { "name": "CVE-2016-0775", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0775" }, { "name": "CVE-2018-15688", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15688" }, { "name": "CVE-2018-14599", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14599" }, { "name": "CVE-2018-10733", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10733" }, { "name": "CVE-2016-9396", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9396" }, { "name": "CVE-2019-10160", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10160" }, { "name": "CVE-2017-7562", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7562" }, { "name": "CVE-2016-1000032", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032" }, { "name": "CVE-2017-15124", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15124" }, { "name": "CVE-2018-1113", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1113" }, { "name": "CVE-2013-4399", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4399" }, { "name": "CVE-2019-7636", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7636" }, { "name": "CVE-2014-3672", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3672" }, { "name": "CVE-2018-4700", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4700" }, { "name": "CVE-2017-0903", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0903" }, { "name": "CVE-2018-15856", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15856" }, { "name": "CVE-2018-1000078", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078" }, { "name": "CVE-2019-7573", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7573" }, { "name": "CVE-2018-1000077", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077" }, { "name": "CVE-2010-2237", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2237" }, { "name": "CVE-2018-1000876", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876" }, { "name": "CVE-2018-14348", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14348" }, { "name": "CVE-2019-3890", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3890" }, { "name": "CVE-2015-7498", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7498" }, { "name": "CVE-2019-7577", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7577" }, { "name": "CVE-2016-0740", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0740" }, { "name": "CVE-2018-4180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4180" }, { "name": "CVE-2013-4297", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4297" }, { "name": "CVE-2010-2238", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2238" }, { "name": "CVE-2018-14600", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14600" }, { "name": "CVE-2017-13090", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13090" }, { "name": "CVE-2013-7336", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7336" }, { "name": "CVE-2018-10372", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10372" }, { "name": "CVE-2019-7637", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7637" }, { "name": "CVE-2018-11806", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11806" }, { "name": "CVE-2018-7643", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7643" }, { "name": "CVE-2015-0236", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0236" }, { "name": "CVE-2018-1000117", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117" }, { "name": "CVE-2014-0209", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0209" }, { "name": "CVE-2013-2230", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2230" }, { "name": "CVE-2018-1122", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1122" }, { "name": "CVE-2014-3960", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3960" }, { "name": "CVE-2019-16056", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16056" }, { "name": "CVE-2020-12663", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12663" }, { "name": "CVE-2018-10768", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10768" }, { "name": "CVE-2017-16611", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16611" }, { "name": "CVE-2014-7823", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7823" }, { "name": "CVE-2020-10703", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10703" }, { "name": "CVE-2018-7569", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7569" }, { "name": "CVE-2013-4154", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4154" }, { "name": "CVE-2018-20060", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060" }, { "name": "CVE-2015-9382", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9382" }, { "name": "CVE-2017-18190", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18190" }, { "name": "CVE-2016-4009", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4009" }, { "name": "CVE-2018-13033", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13033" }, { "name": "CVE-2016-9190", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9190" }, { "name": "CVE-2019-7574", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7574" }, { "name": "CVE-2016-0772", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0772" }, { "name": "CVE-2016-5699", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5699" }, { "name": "CVE-2011-1486", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1486" }, { "name": "CVE-2020-5208", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5208" }, { "name": "CVE-2019-6778", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6778" }, { "name": "CVE-2020-10772", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10772" }, { "name": "CVE-2020-25637", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25637" }, { "name": "CVE-2018-10360", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10360" }, { "name": "CVE-2018-15859", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15859" }, { "name": "CVE-2017-13089", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13089" }, { "name": "CVE-2019-12779", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12779" }, { "name": "CVE-2019-1010238", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238" }, { "name": "CVE-2019-6690", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6690" }, { "name": "CVE-2015-8317", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8317" }, { "name": "CVE-2018-4181", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4181" }, { "name": "CVE-2019-8323", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8323" }, { "name": "CVE-2016-3616", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3616" }, { "name": "CVE-2018-14498", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14498" }, { "name": "CVE-2018-15861", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15861" }, { "name": "CVE-2019-7150", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7150" }, { "name": "CVE-2019-17042", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042" }, { "name": "CVE-2016-5008", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5008" }, { "name": "CVE-2014-4616", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4616" } ], "initial_release_date": "2022-03-23T00:00:00", "last_revision_date": "2022-03-23T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-267", "revisions": [ { "description": "Version initiale", "revision_date": "2022-03-23T00:00:00.000000" } ], "risks": [ { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST" } ] }
cnvd-2016-06302
Vulnerability from cnvd
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://pypi.python.org/pypi/hpack
Name | Python HPACK <2.3.0 |
---|
{ "bids": { "bid": { "bidNumber": "92315" } }, "cves": { "cve": { "cveNumber": "CVE-2016-6581" } }, "description": "Python\u662fPython\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u3001\u9762\u5411\u5bf9\u8c61\u7684\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u5177\u6709\u53ef\u6269\u5c55\u3001\u652f\u6301\u6a21\u5757\u548c\u5305\u3001\u652f\u6301\u591a\u79cd\u5e73\u53f0\u7b49\u7279\u70b9\u3002Python HPACK\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u5b9e\u73b0Python HTTP /2\u5934\u7f16\u7801\u7684\u6a21\u5757\u3002\r\n\r\nPython HPACK 2.3.0\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002", "discovererName": "Cory Benfield", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://pypi.python.org/pypi/hpack", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2016-06302", "openTime": "2016-08-12", "patchDescription": "Python\u662fPython\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u3001\u9762\u5411\u5bf9\u8c61\u7684\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u5177\u6709\u53ef\u6269\u5c55\u3001\u652f\u6301\u6a21\u5757\u548c\u5305\u3001\u652f\u6301\u591a\u79cd\u5e73\u53f0\u7b49\u7279\u70b9\u3002Python HPACK\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u5b9e\u73b0Python HTTP /2\u5934\u7f16\u7801\u7684\u6a21\u5757\u3002\r\n\r\nPython HPACK 2.3.0\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Python HPACK\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "Python HPACK \u003c2.3.0" }, "referenceLink": "http://www.securityfocus.com/bid/92315", "serverity": "\u4e2d", "submitTime": "2016-08-11", "title": "Python HPACK\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e" }
pysec-2017-87
Vulnerability from pysec
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.
Name | purl | hpack | pkg:pypi/hpack |
---|
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "hpack", "purl": "pkg:pypi/hpack" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.3.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "1.0.0", "1.0.1", "1.1.0", "2.0.0", "2.0.1", "2.1.0", "2.1.1", "2.2.0" ] } ], "aliases": [ "CVE-2016-6581", "GHSA-ffq8-576r-v26g" ], "details": "A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.", "id": "PYSEC-2017-87", "modified": "2021-08-27T03:22:04.412157Z", "published": "2017-01-10T15:59:00Z", "references": [ { "type": "WEB", "url": "https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/92315" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-ffq8-576r-v26g" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.