Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-26964HistoryApr 11, 2023 - 2:15 p.m.
CVE-2023-26964
2023-04-1114:15:07
Debian Security Bug Tracker
security-tracker.debian.org
11
hyper v0.13.7
http2 rst_stream
denial of service
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
40.6%
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | rust-h2 | < 0.3.13-2 | rust-h2_0.3.13-2_all.deb |
| Debian | 10 | all | rust-h2 | <= 0.1.16-1 | rust-h2_0.1.16-1_all.deb |
| Debian | 999 | all | rust-h2 | < 0.3.13-2 | rust-h2_0.3.13-2_all.deb |
| Debian | 13 | all | rust-h2 | < 0.3.13-2 | rust-h2_0.3.13-2_all.deb |
Related
cve
cve
CVE-2023-26964
2023-04-11 14:15:07
fedora
fedora
[SECURITY] Fedora 38 Update: rust-afterburn-5.4.0-3.fc38
2023-05-07 01:24:28
[SECURITY] Fedora 38 Update: mirrorlist-server-3.0.6-6.fc38
2023-05-07 01:24:28
[SECURITY] Fedora 37 Update: nispor-1.2.10-4.fc37
2023-05-18 00:50:52
cbl_mariner
cbl_mariner
CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-1
2024-04-09 20:48:36
CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-2
2024-04-19 22:15:55
CVE-2023-26964 affecting package rpm-ostree for versions less than 2024.4-1
2024-04-19 22:15:55
openvas
openvas
Fedora: Security Advisory for rust-cargo-c (FEDORA-2023-cc21019773)
2023-05-08 00:00:00
Fedora: Security Advisory for rust-pore (FEDORA-2023-37ae269843)
2023-05-19 00:00:00
osv
osv
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
2023-04-14 12:00:00
CVE-2023-26964
2023-04-11 14:15:07
h2 vulnerable to denial of service
2023-04-11 15:30:30
nessus
nessus
nvd
nvd
CVE-2023-26964
2023-04-11 14:15:07
ubuntucve
ubuntucve
CVE-2023-26964
2023-04-11 00:00:00
cvelist
cvelist
CVE-2023-26964
2023-04-11 00:00:00
rustsec
rustsec
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
2023-04-14 12:00:00
prion
prion
Design/Logic Flaw
2023-04-11 14:15:00
github
github
h2 vulnerable to denial of service
2023-04-11 15:30:30
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
40.6%
Related for DEBIANCVE:CVE-2023-26964