CVE-2022-31394

Опубликовано: 21 фев. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.

Ссылки

https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19
Patch
https://github.com/hyperium/hyper/issues/2826
Exploit
Issue Tracking
Patch
Vendor Advisory
https://github.com/hyperium/hyper/pull/2828
Issue Tracking
Patch
https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19
Patch
https://github.com/hyperium/hyper/issues/2826
Exploit
Issue Tracking
Patch
Vendor Advisory
https://github.com/hyperium/hyper/pull/2828
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hyper:hyper:*:*:*:*:*:rust:*:*

Версия до 0.14.19 (исключая)

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

CVE-2022-31394

CVSS3: 7.5

ubuntu

почти 3 года назад

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.

CVE-2022-31394

CVSS3: 7.5

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-31394

CVSS3: 7.5

debian

почти 3 года назад

Hyperium Hyper before 0.14.19 does not allow for customization of the ...

SUSE-SU-2024:0090-1

suse-cvrf

около 2 лет назад

Security update for gstreamer-plugins-rs

GHSA-x477-xp89-wc9r

CVSS3: 7.5

github

почти 3 года назад

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

Дефекты

CWE-770