lockness-Ko

7 exploits Active since Mar 2024
CVE-2024-3094 NOMISEC CRITICAL WORKING POC
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
146 stars
CVSS 10.0
CVE-2024-2653 GITHUB HIGH go WORKING POC
amphttp <unknown> - Buffer Overflow
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.
15 stars
CVSS 8.2
CVE-2024-27919 GITHUB HIGH go WORKING POC
Envoy 1.29.0-1.29.1 - Denial of Service via HTTP/2 CONTINUATION Frame Flood
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.
15 stars
CVSS 7.5
CVE-2024-31309 GITHUB HIGH go WORKING POC
Apache Traffic Server 8.0.0-8.1.9 9.0.0-9.2.3 - Denial of Service via HTTP/2 CONTINUATION Frames
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute.  ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
15 stars
CVSS 7.5
CVE-2024-28182 GITHUB MEDIUM go WORKING POC
nghttp2 < 1.61.0 - Denial of Service via Unbounded HTTP/2 CONTINUATION Frames
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
15 stars
CVSS 5.3
CVE-2024-30255 GITHUB MEDIUM go WORKING POC
Envoy < 1.26.8 - Denial of Service via HTTP/2 CONTINUATION Frame Flood
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.
15 stars
CVSS 5.3
CVE-2024-27316 NOMISEC HIGH WORKING POC
Apache HTTP Server 2.4.17-2.4.58 - Denial of Service via HTTP/2 Header Buffering
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
15 stars
CVSS 7.5