Showing 1 - 19 of 19

CVE-2020-11080

Status Candidate

Overview

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

Related Files

Red Hat Security Advisory 2020-3578-01: Posted Sep 8, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-3578-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data. Issues addressed include a cross site scripting vulnerability.; tags | advisory, xss; systems | linux, redhat; advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-14040, CVE-2020-7015, CVE-2020-7598, CVE-2020-8174; SHA-256 | 76031ee5b291a4db7234b7111c7dc3217a89ce4c9123293670c14dbd76b08150; Download | Favorite | View

Red Hat Security Advisory 2020-3525-01: Posted Aug 20, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-3525-01 - Quay 3.3.1 release has been released. An issue where build triggers can disclose robot account names and existence of private repos within namespaces has been addressed.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-11080, CVE-2020-12049, CVE-2020-13777, CVE-2020-14313; SHA-256 | 3f0048d4bdec59a51f24f090fac9217f3567fd502a0907966e5df07b310946ee; Download | Favorite | View

Red Hat Security Advisory 2020-3372-01: Posted Aug 7, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-3372-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-11080, CVE-2020-14040, CVE-2020-9283; SHA-256 | 15f8218926e31fddac4d72a068f13ab48a873143fcc6b353105a0e0f83f64a23; Download | Favorite | View

Red Hat Security Advisory 2020-3084-01: Posted Jul 22, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-3084-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and integer overflow vulnerabilities.; tags | advisory, denial of service, overflow, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-7598, CVE-2020-8174; SHA-256 | 7a4caa69e6c2b55ec9e17b1435e419c0e4f4298a4da2e39e480c2298868fd2f7; Download | Favorite | View

Red Hat Security Advisory 2020-3042-01: Posted Jul 21, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-3042-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service, javascript; systems | linux, redhat; advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174; SHA-256 | e7765e130071fe1aed44a6aa897f5dc59df0c6c8f4136fb6ca90fc3edb17713a; Download | Favorite | View

Red Hat Security Advisory 2020-2895-01: Posted Jul 13, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2895-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass, denial of service, and integer overflow vulnerabilities.; tags | advisory, denial of service, overflow, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174; SHA-256 | 680e779c9e3835286a8719240773d16d587c92d31d1a764199074cfa834ac3be; Download | Favorite | View

Red Hat Security Advisory 2020-2852-01: Posted Jul 7, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2852-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.; tags | advisory, denial of service, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174; SHA-256 | 1e24609706569805264896389d47a50da4b931bded85681c1a9784b359ee9210; Download | Favorite | View

Red Hat Security Advisory 2020-2848-01: Posted Jul 7, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2848-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service, javascript; systems | linux, redhat; advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174; SHA-256 | 01d7c988d318715dd14781e26eec5cc619ac01728927cd50142b32f5c9df60c2; Download | Favorite | View

Red Hat Security Advisory 2020-2849-01: Posted Jul 7, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service, javascript; systems | linux, redhat; advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174; SHA-256 | dc60f758491980ac3a11561215a4caff0c35e2289f85ed044b975b26538c56e1; Download | Favorite | View

Red Hat Security Advisory 2020-2847-01: Posted Jul 7, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2847-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.; tags | advisory, denial of service, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174; SHA-256 | e5f4967b448d97773a801b2e8a80c6460ccfb6a255a99ae1e1723bed68884dab; Download | Favorite | View

Red Hat Security Advisory 2020-2850-01: Posted Jul 7, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2850-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service, protocol; systems | linux, redhat; advisories | CVE-2020-11080; SHA-256 | 116201c31d0e45a4806e06ae99432f7de0d7d319057ab8a9e0d2a7c6a6372148; Download | Favorite | View

Red Hat Security Advisory 2020-2823-01: Posted Jul 6, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2823-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service, protocol; systems | linux, redhat; advisories | CVE-2020-11080; SHA-256 | e7842fbbcf3bae47b075a53a2a176c7fd73322cb94b6f298a861b649a712e938; Download | Favorite | View

Red Hat Security Advisory 2020-2784-01: Posted Jul 1, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2784-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service, protocol; systems | linux, redhat; advisories | CVE-2020-11080; SHA-256 | 94bf8e913e098f956f7b8158d51276e0542af032d25d8ecfaf3f6157e54cf2b4; Download | Favorite | View

Debian Security Advisory 4696-1: Posted Jun 28, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4696-1 - Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code.; tags | advisory, denial of service, arbitrary, vulnerability; systems | linux, debian; advisories | CVE-2020-11080, CVE-2020-8174; SHA-256 | d8516cb50b72042afd3677ce970bc7873ca8cf7463bb3f2d29ebe7a93cbe32c0; Download | Favorite | View

Red Hat Security Advisory 2020-2755-01: Posted Jun 25, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2755-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service, protocol; systems | linux, redhat; advisories | CVE-2020-11080; SHA-256 | d11adf3d805faf3dbef817e9ef58c4c6f4cd13bf9ad3634b2d52a78080852383; Download | Favorite | View

Red Hat Security Advisory 2020-2646-01: Posted Jun 22, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2646-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.; tags | advisory, web, denial of service, vulnerability, memory leak; systems | linux, redhat; advisories | CVE-2018-20843, CVE-2019-0196, CVE-2019-0197, CVE-2019-15903, CVE-2019-19956, CVE-2019-20388, CVE-2020-11080, CVE-2020-1934, CVE-2020-7595; SHA-256 | d1788a8e61cb334acd50091690da62efff82c9e0d9528c9f46c5226408959805; Download | Favorite | View

Red Hat Security Advisory 2020-2644-01: Posted Jun 22, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2644-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.; tags | advisory, web, denial of service, vulnerability, memory leak; systems | linux, redhat; advisories | CVE-2018-20843, CVE-2019-0196, CVE-2019-0197, CVE-2019-15903, CVE-2019-19956, CVE-2019-20388, CVE-2020-11080, CVE-2020-1934, CVE-2020-7595; SHA-256 | 3c5cb032e0a7a155597c19347749b668adb80897922efd1951e936de20b50b4f; Download | Favorite | View

Red Hat Security Advisory 2020-2524-01: Posted Jun 11, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2524-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2020-11080; SHA-256 | fbfa3ba2771ca3d2c3032055cbc5daf2cd75681af6e4354f70742b1030e2f63e; Download | Favorite | View

Red Hat Security Advisory 2020-2523-01: Posted Jun 11, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2523-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2020-11080; SHA-256 | 5859bd4dc9842ce8ad71eb33e4bacf18fed875d7b192627c580c22fb4c19d266; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 169 files
Ubuntu 62 files
indoushka 49 files
Debian 23 files
CraCkEr 19 files
Google Security Research 14 files
Apple 9 files
Gentoo 9 files
EgiX 4 files
Jann Horn 4 files

File Archives

Systems

AIX (426)
Apple (1,945)
BSD (370)
CentOS (55)
Cisco (1,917)
Debian (6,662)
Fedora (1,690)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (337)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (44,599)
Mac OS X (684)
Mandriva (3,105)
NetBSD (255)
OpenBSD (479)
RedHat (12,638)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,262)
UNIX (9,182)
UnixWare (185)
Windows (6,518)
Other

CVE-2020-11080

Overview

Related Files

File Archive:

January 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems