what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2023-39326

Status Candidate

Overview

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.

Related Files

Red Hat Security Advisory 2024-0887-03
Posted Feb 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0887-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39326
SHA-256 | 252d850739346bcd9dd148f9d778246bd8a79d55919258160373d61950aeb2a9
Red Hat Security Advisory 2024-0880-03
Posted Feb 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0880-03 - Red Hat OpenShift Serverless 1.31.1 is now available. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-39326
SHA-256 | aa68f4cfab348ee1b1507967052adf89219321d582502ccea75a76363d733cec
Red Hat Security Advisory 2024-0748-03
Posted Feb 9, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0748-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39326
SHA-256 | 38169ca2d18738e03ec12fecfa3b7c4516b79bbe36094fac3f5ce511bf44f651
Red Hat Security Advisory 2024-0728-03
Posted Feb 9, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0728-03 - Logging Subsystem 5.8.3 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39326
SHA-256 | ad979721400e6a74a8f1a0ae62c790b5ae8f85639ccc280b36d194cfe2eada1d
Red Hat Security Advisory 2024-0695-03
Posted Feb 8, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0695-03 - Logging 5.6.16 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39326
SHA-256 | 74f07508787f84105ad147f9d99eed265a1ae46522876bea704642f9c900dce0
Red Hat Security Advisory 2024-0694-03
Posted Feb 8, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0694-03 - Logging Subsystem 5.7.11 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39326
SHA-256 | bc780341516006dfe22629ea1841ef212f6080baffde270be2824e8b3b52ab6e
Ubuntu Security Notice USN-6574-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6574-1 - Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time.

tags | advisory, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2023-39318, CVE-2023-39323, CVE-2023-39326, CVE-2023-45285
SHA-256 | b8c2a5761a1b9b637336f2af66c0577c0e91e5d6928b1d69d773c8f5060e8589
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close