VYPR

Swift package

github.com/apple/swift-nio-http2

pkg:swift/github.com/apple/swift-nio-http2

Vulnerabilities (5)

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.28.0fixed 1.28.0

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2022-0618Mar 9, 2022
    affected >= 1.0.0, < 1.20fixed 1.20

    A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padd

  • CVE-2022-24668Feb 9, 2022
    affected >= 1.0.0, < 1.19.2fixed 1.19.2

    A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but bef

  • CVE-2022-24667Feb 9, 2022
    affected >= 1.0.0, < 1.19.2fixed 1.19.2

    A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the

  • CVE-2022-24666Feb 9, 2022
    affected >= 1.0.0, < 1.19.2fixed 1.19.2

    A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HT