perl-Protocol-HTTP2-1.130.0-1.1 on GA media (moderate)

perl-Protocol-HTTP2-1.130.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10988-1 Rating: moderate Cross-References: CVE-2026-10725 CVSS scores: CVE-2026-10725 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerabilit...

Security update for perl-Protocol-HTTP2

This update for perl-Protocol-HTTP2 fixes the following issue CVE-2026-10725: denial of service due to absence of inbound HPACK header-list size limit HTTP/2 Bomb attack bsc1267857. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...

SUSE-SU-2026:2306-1 Security update for perl-Protocol-HTTP2

This update for perl-Protocol-HTTP2 fixes the following issue - CVE-2026-10725: denial of service due to absence of inbound HPACK header-list size limit HTTP/2 Bomb attack bsc1267857...

SUSE CVE-2026-10725

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

PT-2026-47148

Name of the Vulnerable Software and Affected Versions Protocol::HTTP2 versions prior to 1.13 Description The software is susceptible to an HTTP/2 Bomb, where a small request can expand into large server memory consumption. This occurs because the inbound HPACK path lacks a header-list size limit...