rpm package
opensuse/caddy&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/caddy&distro=openSUSE%20Leap%2015.6
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22189 | Hig | 7.5 | < 2.8.4-bp156.3.3.1 | 2.8.4-bp156.3.3.1 | Apr 4, 2024 | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame | |
| CVE-2023-45142 | — | < 2.8.4-bp156.3.3.1 | 2.8.4-bp156.3.3.1 | Oct 12, 2023 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests |
- affected < 2.8.4-bp156.3.3.1fixed 2.8.4-bp156.3.3.1
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame
- CVE-2023-45142Oct 12, 2023affected < 2.8.4-bp156.3.3.1fixed 2.8.4-bp156.3.3.1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests