rpm package
opensuse/wasm-pack&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/wasm-pack&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26964 | — | < 0.11.0~0-2.1 | 0.11.0~0-2.1 | Apr 11, 2023 | An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS). | ||
| CVE-2022-31394 | — | < 0.11.0~0-1.1 | 0.11.0~0-1.1 | Feb 21, 2023 | Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. | ||
| CVE-2023-22895 | — | < 0.10.3~0-2.1 | 0.10.3~0-2.1 | Jan 10, 2023 | The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. |
- CVE-2023-26964Apr 11, 2023affected < 0.11.0~0-2.1fixed 0.11.0~0-2.1
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).
- CVE-2022-31394Feb 21, 2023affected < 0.11.0~0-1.1fixed 0.11.0~0-1.1
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
- CVE-2023-22895Jan 10, 2023affected < 0.10.3~0-2.1fixed 0.10.3~0-2.1
The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.