CVE-2023-26964
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/04/2023
Last modified:
11/02/2025
Description
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hyper:h2:0.2.4:*:*:*:*:rust:*:* | ||
| cpe:2.3:a:hyper:hyper:0.13.7:*:*:*:*:rust:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/hyperium/hyper/issues/2877
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/
- https://github.com/hyperium/hyper/issues/2877
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/