nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
3.3CVSS
4AI Score
0.001EPSS
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes th...
7.5CVSS
7.7AI Score
0.012EPSS