Количество 3
Количество 3
CVE-2016-6580
A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.
GHSA-h3q4-6j7f-r24c
priority vulnerable to denial of service
BDU:2021-03083
Уязвимость библиотеки python priority library, связанная с ошибками управления ресурсами, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2016-6580 A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree. | CVSS3: 7.5 | 0% Низкий | около 9 лет назад |
| GHSA-h3q4-6j7f-r24c priority vulnerable to denial of service | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
 | BDU:2021-03083 Уязвимость библиотеки python priority library, связанная с ошибками управления ресурсами, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | около 9 лет назад |
Уязвимостей на страницу