PT-2024-34667 · Unknown · Loona-Hpack
Low · fasterthanlime · Published 2024-11-04 · Updated 2024-11-05
CVE-2024-51502
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
loona-hpack versions prior to 0.4.3
Description
The issue affects users who decode untrusted input with the Decoder; every user who does so is vulnerable. The problem is similar to the one documented in the original hpack issue #11. There are no known workarounds for this vulnerability.
Recommendations
For versions prior to 0.4.3, upgrade to release version 0.4.3 to address the issue. As a temporary workaround, consider avoiding the use of the Decoder with untrusted input until the upgrade is applied.
Improper Handling of Exceptional Conditions
Improper Check for Exceptional Conditions
Affected Products
Loona-Hpack