7 matches found
CVE-2026-59246 Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhaust client memory
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...
EUVD-2026-43643
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...
CVE-2026-49754
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...
Mozilla: Denial of Service using HTTP/2 CONTINUATION frames
The Mozilla Foundation Security Advisory describes this flaw as: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser...
Mozilla: Denial of Service using HTTP/2 CONTINUATION frames
The Mozilla Foundation Security Advisory describes this flaw as: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser...
SUSE-SU-2024:1160-1 Security update for go1.22
This update for go1.22 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames bsc1221400 Other changes: - go minor release upgrade to 1.22.2 bsc1218424...