Lucene search

PRIOn knowledge basePRION:CVE-2023-39456

HistoryOct 17, 2023 - 7:15 a.m.

Input validation

2023-10-1707:15:00

PRIOn knowledge base

www.prio-n.com

apache traffic server

input validation

http/2 frames

vulnerability

upgrade

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2.

Users are recommended to upgrade to version 9.2.3, which fixes the issue.

CPENameOperatorVersion
traffic_serverge9.0.0
traffic_serverlt9.2.3
fedoraeq37
fedoraeq38

Name	Operator	Version
traffic_server	ge	9.0.0
traffic_server	lt	9.2.3
fedora	eq	37
fedora	eq	38

References

lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/

lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/

lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/

www.debian.org/security/2023/dsa-5549