Vulnerability Description
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hyper | H2 | 0.2.4 |
| Hyper | Hyper | 0.13.7 |
Related Weaknesses (CWE)
References
- https://github.com/hyperium/hyper/issues/2877ExploitIssue Tracking
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/hyperium/hyper/issues/2877ExploitIssue Tracking
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2023-26964?
CVE-2023-26964 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a De...
How severe is CVE-2023-26964?
CVE-2023-26964 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-26964?
Check the references section above for vendor advisories and patch information. Affected products include: Hyper H2, Hyper Hyper.