Description
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption by repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, which prevented garbage collection of their resources. This vulnerability is fixed in v0.10.0.
References
- Product, Release Notes
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 0.10.0 (exclusive)
cpe:2.3:a:quic-go:webtransport-go:*:*:*:*:*:go:*:*
EPSS: 0.00019 (Low), percentile: 5%
CVSS3: 5.3 Medium
Weaknesses
CWE-401
Related vulnerabilities
CVSS3: 5.3
github
about 2 months ago
webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map