CVE-2024-51502
Description
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has been addressed in release version 0.4.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Is your site exposed to CVE-2024-51502?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-51502? +
How do I check if I'm vulnerable to CVE-2024-51502? +
Related Vulnerabilities
A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests …
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS …
A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, …
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. …
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell …
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as …