Today > | 3 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-51502

Nov. 21, 2024, 5:15 p.m.

Tags

security-advisories@github.com
CWE-755
2024-11-04
CVE-2024-51502

Product(s) Impacted

loona-hpack

  • before 0.4.3

Description

loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has been addressed in release version 0.4.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Weaknesses

CWE-755
Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

CWE ID: 755

Date

Published: Nov. 4, 2024, 11:15 p.m.

Last Modified: Nov. 21, 2024, 5:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/ security-advisories@github.com
https://github.com/ security-advisories@github.com
https://github.com/ security-advisories@github.com