An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Denial of Service (DoS).

🗓️ 17 May 2023 07:00:00Reported by MicrosoftType

DoS due to memory and CPU usage from HTTP2 reset stream frame handling in hyper 0.13.7 and h2 0.2.4.

Reporter	Title	Published	Views	Family All 151
Tenable Nessus	Azure Linux 3.0 Security Update: kata-containers / rpm-ostree (CVE-2023-26964)	10 Feb 202500:00	–	nessus
Tenable Nessus	Fedora 37 : clevis-pin-tpm2 / greetd / keyring-ima-signer / libkrun / etc (2023-37ae269843)	18 May 202300:00	–	nessus
Tenable Nessus	Fedora 38 : clevis-pin-tpm2 / greetd / keyring-ima-signer / libkrun / etc (2023-cc21019773)	7 May 202300:00	–	nessus
Tenable Nessus	Fedora 39 : clevis-pin-tpm2 / greetd / keyring-ima-signer / libkrun / etc (2023-d88521bfc5)	7 Nov 202300:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: kata-containers / rpm-ostree (CVE-2023-26964)	3 Jul 202400:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : kanidm (openSUSE-SU-2024:0294-1)	10 Sep 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rustup (SUSE-SU-2023:2603-1)	23 Jun 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-26964	30 Aug 202500:00	–	nessus
CBLMariner	CVE-2023-26964 affecting package rpm-ostree for versions less than 2022.1-7	26 Aug 202416:27	–	cbl_mariner
CBLMariner	CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-1	9 Apr 202420:48	–	cbl_mariner