CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hyper:h2:0.2.4:*:*:*:*:rust:*:*
cpe:2.3:a:hyper:hyper:0.13.7:*:*:*:*:rust:*:*

History

21 Nov 2024, 07:52

Type Values Removed Values Added
References () https://github.com/hyperium/hyper/issues/2877 - Exploit, Issue Tracking () https://github.com/hyperium/hyper/issues/2877 - Exploit, Issue Tracking
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/ -

07 Nov 2023, 04:09

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/', 'name': 'FEDORA-2023-37ae269843', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/', 'name': 'FEDORA-2023-cc21019773', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/ -

Information

Published : 2023-04-11 14:15

Updated : 2024-11-21 07:52


NVD link : CVE-2023-26964

Mitre link : CVE-2023-26964

CVE.ORG link : CVE-2023-26964


JSON object : View

Products Affected

hyper

  • hyper
  • h2
CWE
CWE-770

Allocation of Resources Without Limits or Throttling