Arch Linux ASA-201602-13
Feb 13, 2016 - 12:00 a.m.

nghttp2: denial of service

2016-02-13 00:00:00
Arch Linux
lists.archlinux.org

CVSS3: 3.3 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 40.5%

HTTP/2 uses HPACK to compress header fields. The basic idea is that an
HTTP header field is stored in the receiver under a numeric index.
The memory used by this storage is tightly constrained, and it is 4KiB
by default. When the sender sends the same header field again, it just
sends the corresponding numeric index, which is usually 1 or 2 bytes.
This means that after the sender makes the receiver store a relatively
large header field (e.g., 4KiB), it can send specially crafted
HEADERS/CONTINUATION frames which contain a lot of references to the
stored header field, and so effectively send lots of big header
fields to the receiver quite easily. nghttpd, nghttp, and
libnghttp2_asio applications do not limit the memory usage for received
header fields, so if the peer performs the procedure described above,
they will crash due to running out of memory.
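The receiver-side accounting that the description says was missing, as an added example (not nghttp2's code and not part of the advisory). It models only one-byte indexed header fields into the dynamic table; the struct and function names are hypothetical, and the limit plays the role of HTTP/2's SETTINGS_MAX_HEADER_LIST_SIZE.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STATIC_TABLE_LEN 61 /* RFC 7541 Appendix A: indices 1..61 are static */
#define ENTRY_OVERHEAD 32   /* RFC 7541 section 4.1: per-entry accounting overhead */

/* Hypothetical model of a stored dynamic-table entry; only its sizes matter. */
struct dyn_entry { size_t name_len, value_len; };
struct decode_result { size_t fields, decoded_bytes; int rejected; };

/* Walk a block of one-byte indexed header fields (RFC 7541 section 6.1) and
 * add up the memory the decoded header list needs. Anything other than a
 * valid single-byte dynamic-table reference is rejected, and decoding stops
 * as soon as the next field would push the total past max_list_size. */
struct decode_result decode_indexed_block(const uint8_t *block, size_t len,
        const struct dyn_entry *table, size_t table_len, size_t max_list_size)
{
    struct decode_result r = {0, 0, 0};
    for (size_t i = 0; i < len; i++) {
        size_t idx = block[i] & 0x7f;
        if (!(block[i] & 0x80) || idx == 0x7f || idx <= STATIC_TABLE_LEN ||
            idx - STATIC_TABLE_LEN - 1 >= table_len) { r.rejected = 1; break; }
        const struct dyn_entry *e = &table[idx - STATIC_TABLE_LEN - 1];
        size_t cost = e->name_len + e->value_len + ENTRY_OVERHEAD;
        if (cost > max_list_size - r.decoded_bytes) { r.rejected = 1; break; }
        r.decoded_bytes += cost;
        r.fields++;
    }
    return r;
}

/* Constructed sample: one stored entry that fills the 4 KiB table, and a
 * block of `refs` one-byte references to it (index 62). */
struct decode_result run_constructed_sample(size_t refs, size_t max_list_size)
{
    static uint8_t block[4096];
    struct dyn_entry table[1] = {{1, 4063}}; /* 1 + 4063 + 32 = 4096 */
    if (refs > sizeof block) refs = sizeof block;
    memset(block, 0x80 | 62, refs);
    return decode_indexed_block(block, refs, table, 1, max_list_size);
}

int main(void)
{
    struct decode_result a = run_constructed_sample(1000, SIZE_MAX);
    struct decode_result b = run_constructed_sample(1000, 64 * 1024);
    printf("no limit: %zu wire bytes -> %zu decoded; 64 KiB limit: stop after %zu fields\n",
           a.fields, a.decoded_bytes, b.fields);
    return 0;
}
```

The point of the comparison is that the limit has to be applied to the decoded size, since the wire size of the block stays small throughout.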

OS   OS Version  Architecture  Package  Package Version  Filename
any  any         any           nghttp2  < 1.7.1-1        UNKNOWN
