CVE-2016-6580

Опубликовано: 10 янв. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.

Ссылки

http://www.securityfocus.com/bid/92311
Third Party Advisory
VDB Entry
https://python-hyper.org/priority/en/latest/security/CVE-2016-6580.html
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/92311
Third Party Advisory
VDB Entry
https://python-hyper.org/priority/en/latest/security/CVE-2016-6580.html
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:python:python_priority_library:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python_priority_library:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python_priority_library:1.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00476

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-399

Связанные уязвимости

GHSA-h3q4-6j7f-r24c

CVSS3: 7.5

github

больше 3 лет назад

priority vulnerable to denial of service

BDU:2021-03083

CVSS3: 7.5

fstec

около 9 лет назад

Уязвимость библиотеки python priority library, связанная с ошибками управления ресурсами, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 64%

0.00476

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-399