CVE-2023-26964
- Source
- https://cve.org/CVERecord?id=CVE-2023-26964
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26964.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-26964
- Aliases
- Downstream
- Related
- Published
- 2023-04-11T14:15:07.677Z
- Modified
- 2026-03-11T07:50:34.077658326Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/
- https://github.com/hyperium/hyper/issues/2877
- https://github.com/hyperium/hyper/issues/2877
Affected packages
Git / github.com/hyperium/h2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hyperium/h2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected