Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

Red Hat Security Advisory 2024-1503-03

Red Hat Security Advisory 2024-1503-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and privilege escalation vulnerabilities.

Packet Storm
#vulnerability#linux#red_hat#dos#nodejs#js#java
GHSA-w8gf-g2vq-j2f4: amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames

Early versions of `amphp/http-client` with HTTP/2 support (v4.0.0-rc10 to 4.0.0) will collect HTTP/2 `CONTINUATION` frames in an unbounded buffer and will not check the header size limit until it has received the `END_HEADERS` flag, resulting in an OOM crash. Later versions of `amphp/http-client` (v4.1.0-rc1 and up) depend on `amphp/http` for HTTP/2 processing and will therefore need an updated version of `amphp/http`, see [GHSA-qjfw-cvjf-f4fm](https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm). ## Acknowledgements Thank you to [Bartek Nowotarski](https://nowotarski.info/) for reporting the vulnerability.

GHSA-qjfw-cvjf-f4fm: AMPHP Denial of Service via HTTP/2 CONTINUATION Frames

`amphp/http` will collect HTTP/2 `CONTINUATION` frames in an unbounded buffer and will not check the header size limit until it has received the `END_HEADERS` flag, resulting in an OOM crash. `amphp/http-client` and `amphp/http-server` are indirectly affected if they're used with an unpatched version of `amphp/http`. Early versions of `amphp/http-client` with HTTP/2 support (v4.0.0-rc10 to 4.0.0) are also directly affected. ## Acknowledgements Thank you to [Bartek Nowotarski](https://nowotarski.info/) for reporting the vulnerability.

GHSA-vjhf-6xfr-5p9g: KubeVirt NULL pointer dereference flaw

A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.

GHSA-75hq-h6g9-h4q5: Wasmtime vulnerable to panic when using a dropped extenref-typed element segment

### Impact The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. The panic in question is caused when a WebAssembly module issues a `table.*` instruction which uses a dropped element segment with a table that also has an `externref` type. This causes Wasmtime to erroneously use an empty function segment instead of an empty externref segment to perform this operation. This mismatch in types causes a panic in Wasmtime when it's asserted that an externref table is only viewed as externrefs. This regression was introduced during the development of the 19.0.0 release and only affects the 19.0.0 release. This panic requires the `reference-types` WebAssembly feature to be enabled, and it is enabled by default. Toolchains are not known to generate this pattern by default so it's likely a module would nee...

Debian Security Advisory 5651-1

Debian Linux Security Advisory 5651-1 - Two security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or denial of service.

Red Hat Security Advisory 2024-1576-03

Red Hat Security Advisory 2024-1576-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

Yogurt Heist Reveals a Rampant Form of Online Fraud

Plus: “MFA bombing” attacks target Apple users, Israel deploys face recognition tech on Gazans, AI gets trained to spot tent encampments, and OSINT investigators find fugitive Amond Bundy.

GHSA-x768-cvr2-345r: Un-sanitized metric name or labels can be used to take over exported metrics

### Impact In code which applies _un-sanitized string values into metric names or labels_, like this: ```swift let lang = try? request.query-get(String.self, at: "lang") Counter ( label: "language", dimensions: [("lang", lang ?? "unknown" )] ) ``` an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters which can lead to the attacker taking over the exported format -- including creating unbounded numbers of stored metrics, inflating server memory usage, or causing "bogus" metrics. ### Patches The default strategy to sanitize labels was moved deeper into the library, preventing illegal characters from appearing in name, label keys and values. Metric names and label names are now validated against the following requirement: `[a-zA-Z_:][a-zA-Z0-9_:]*` (for metric names) and `[a-zA-Z_][a-zA-Z0-9_]*` (for metric label names). Label values are not validated as they are allowed to contain any unicode characters. Developers...

GHSA-jhwx-mhww-rgc3: ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability

### Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in the ArgoCD's helm package, does not limit the size nor time while fetching the data. It fetches it and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out of it. ### Patches A patch for this vulnerability has been released in the following Argo CD versions: v2.10.5 v2.9.10 v2.8.14 ### For more information If you have any questions or comments about this advisory: Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions) Join us on [Slack](https...