CVE-2024-36121

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-190
View all →

Vulnerability Description

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat.

Related Vulnerabilities

CVE-2015-2310

CRITICAL
CVSS:9.1(Critical)

Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory vi...

CWE-1902015

CVE-2017-2782

CRITICAL
CVSS:9.1(Critical)

An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, le...

CWE-1902017

CVE-2019-16127

CRITICAL
CVSS:9.1(Critical)

Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.

CWE-1902019

CVE-2020-36242

CRITICAL
CVSS:9.1(Critical)

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated...

CWE-1902020

CVE-2021-32714

CRITICAL
CVSS:9.1(Critical)

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This ...

CWE-1902021

CVE-2021-3402

CRITICAL
CVSS:9.1(Critical)

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure vi...

CWE-1902021