Описание
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.4.29-1ubuntu4.10 |
| cosmic | ignored | end of life |
| devel | not-affected | 2.4.41-1ubuntu1 |
| disco | released | 2.4.38-2ubuntu2.2 |
| esm-infra-legacy/trusty | not-affected | http2 support not implemented |
| esm-infra/bionic | not-affected | 2.4.29-1ubuntu4.10 |
| esm-infra/xenial | not-affected | code not built |
| precise/esm | not-affected | http2 support not implemented |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | http2 support not implemented |
Показывать по
EPSS
7.8 High
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
Some HTTP/2 implementations are vulnerable to unconstrained interal da ...
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
EPSS
7.8 High
CVSS2
7.5 High
CVSS3