CVE-2024-51502
Description
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has been addressed in release version 0.4.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Is your site exposed to CVE-2024-51502?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-51502? +
How do I check if I'm vulnerable to CVE-2024-51502? +
Related Vulnerabilities
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as …
A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests …
A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, …
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS …
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. …
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker …