Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:RUSTSEC-2023-0034
HistoryApr 14, 2023 - 12:00 p.m.

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

2023-04-1412:00:00
Google
osv.dev
9
resource exhaustion
h2 application
denial of service
network flood
memory usage
hyperium/h2#668 fix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.6%

JSON

If an attacker is able to flood the network with pairs of HEADERS/RST_STREAM frames, such that the h2 application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use, and eventually trigger Out Of Memory.

This flaw is corrected in hyperium/h2#668, which restricts remote reset stream count by default.

CPENameOperatorVersion
h2lt0.3.17

Related

cve 1
fedora 46
cbl_mariner 3
openvas 46
nessus 4
nvd 1
cvelist 1
rustsec 1
ubuntucve 1
osv 2
debiancve 1
prion 1
github 1
cve
cve
CVE-2023-26964
2023-04-11 14:15:07
fedora
fedora
[SECURITY] Fedora 38 Update: rust-afterburn-5.4.0-3.fc38
2023-05-07 01:24:28
[SECURITY] Fedora 38 Update: mirrorlist-server-3.0.6-6.fc38
2023-05-07 01:24:28
[SECURITY] Fedora 37 Update: nispor-1.2.10-4.fc37
2023-05-18 00:50:52
cbl_mariner
cbl_mariner
CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-1
2024-04-09 20:48:36
CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-2
2024-04-19 22:15:55
CVE-2023-26964 affecting package rpm-ostree for versions less than 2024.4-1
2024-04-19 22:15:55
openvas
openvas
Fedora: Security Advisory for rust-cargo-c (FEDORA-2023-cc21019773)
2023-05-08 00:00:00
Fedora: Security Advisory for rust-gst-plugin-reqwest (FEDORA-2023-37ae269843)
2023-05-19 00:00:00
Fedora: Security Advisory for rust-pore (FEDORA-2023-37ae269843)
2023-05-19 00:00:00
nessus
nessus
Fedora 38 : clevis-pin-tpm2 / greetd / keyring-ima-signer / libkrun / etc (2023-cc21019773)
2023-05-07 00:00:00
Fedora 39 : clevis-pin-tpm2 / greetd / keyring-ima-signer / libkrun / etc (2023-d88521bfc5)
2023-11-07 00:00:00
Fedora 37 : clevis-pin-tpm2 / greetd / keyring-ima-signer / libkrun / etc (2023-37ae269843)
2023-05-18 00:00:00
nvd
nvd
CVE-2023-26964
2023-04-11 14:15:07
cvelist
cvelist
CVE-2023-26964
2023-04-11 00:00:00
rustsec
rustsec
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
2023-04-14 12:00:00
ubuntucve
ubuntucve
CVE-2023-26964
2023-04-11 00:00:00
osv
osv
CVE-2023-26964
2023-04-11 14:15:07
h2 vulnerable to denial of service
2023-04-11 15:30:30
debiancve
debiancve
CVE-2023-26964
2023-04-11 14:15:07
prion
prion
Design/Logic Flaw
2023-04-11 14:15:00
github
github
h2 vulnerable to denial of service
2023-04-11 15:30:30

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.6%

JSON
Related for OSV:RUSTSEC-2023-0034
cve1fedora46cbl_mariner3openvas46nessus4nvd1cvelist1rustsec1ubuntucve1osv2debiancve1prion1github1