curl: CVE-2023-23916: HTTP multi-header compression denial of service
News category: Vulnerabilities
Source: vulners.com
Summary: A server can send an HTTP response with many occurrences of Transfer-Encoding and/or Content-Encoding headers. Each listed encoding allocates a buffer. The number of encodings listed within each header is already bounded but the number of headers is not, allowing an HTTP response to consume all available memory.

Steps To Reproduce: Using the curl test environment:
1. Extract test418 from the attached patch
2. runtests.pl 418

Supporting Material/References: Patch fixing the problem and new test for the case.

Impact Denial of... ...
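The gap described in the summary, as an added example that is not curl's code or part of the original report: a limit checked per header lets the total grow with the number of headers, while a counter kept across the whole response does not. The limit of 5, the function names and the sample headers are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENCODINGS 5 /* limit assumed for this example */

/* Count comma-separated encodings in one header value ("gzip, gzip" -> 2). */
static int count_tokens(const char *v) {
    int n = 0;
    while (*v) {
        v += strspn(v, " \t,");          /* skip separators */
        size_t len = strcspn(v, ",");    /* token runs to the next comma */
        if (len) n++;
        v += len;
    }
    return n;
}

/* If line starts with name (case-insensitive), return what follows, else NULL. */
static const char *after_name(const char *line, const char *name) {
    for (; *name; line++, name++)
        if (tolower((unsigned char)*line) != tolower((unsigned char)*name)) return NULL;
    return line;
}

/* per_response = 0: each header is checked alone, so the total is unbounded.
 * per_response = 1: the count carries across all headers of the response. */
int accept_response(const char *const *h, size_t n, int per_response) {
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        const char *v = after_name(h[i], "transfer-encoding:");
        if (!v) v = after_name(h[i], "content-encoding:");
        if (!v) continue;                       /* not an encoding header */
        total = (per_response ? total : 0) + count_tokens(v);
        if (total > MAX_ENCODINGS) return 0;    /* reject the response */
    }
    return 1;
}

/* Constructed sample: four encoding headers, two encodings each (8 in total). */
static const char *const REPEATED[] = {
    "Content-Type: text/plain", "Content-Encoding: gzip, gzip",
    "content-encoding: gzip, gzip", "Transfer-Encoding: gzip, chunked",
    "Content-Encoding: gzip, gzip" };

int main(void) {
    printf("per-header bound:   %s\n", accept_response(REPEATED, 5, 0) ? "accepted" : "rejected");
    printf("per-response bound: %s\n", accept_response(REPEATED, 5, 1) ? "accepted" : "rejected");
    return 0;
}
```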