loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has been addressed in release version 0.4.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS
No CVSS.
References
Configurations
No configuration.
History
21 Nov 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
05 Nov 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 0.0 |
05 Nov 2024, 16:04
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Nov 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-04 23:15
Updated : 2024-11-21 17:15
NVD link : CVE-2024-51502
Mitre link : CVE-2024-51502
CVE.ORG link : CVE-2024-51502
JSON object : View
Products Affected
No product.
CWE
CWE-755
Improper Handling of Exceptional Conditions