Description

loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has been addressed in release version 0.4.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-11-04T22:42:29.920Z

Last Modified :

2024-11-21T16:24:15.558Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-51502 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-51502.

URL Resource
https://github.com/bearcove/loona/commit/9a4028ec6484f50a320281271a41a5040ddb1ba8 cve-icon cve-icon
https://github.com/bearcove/loona/security/advisories/GHSA-7vm6-qwh5-9x44 cve-icon cve-icon
https://github.com/mlalic/hpack-rs/issues/11 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability