
Bug 915553 (CVE-2023-44487)

Summary: [Tracker] HTTP/2 Rapid Reset vulnerability
Product: Gentoo Security
Reporter: Hans de Graaff <graaff>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: normal
CC: hanno
Priority: Normal
Keywords: Tracker
Version: unspecified
Hardware: All
OS: Linux
URL: https://www.cve.org/CVERecord?id=CVE-2023-44487
Whiteboard: A3
Package list:
Runtime testing required: ---
Bug Depends on: 915554, 915567, 915568, 915996, 916038, 916513, 917614, 918413, 918415, 918418, 918419, 918420, 915555, 918101    
Bug Blocks:    

Description Hans de Graaff gentoo-dev Security 2023-10-10 16:52:03 UTC
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.