Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 915553 (CVE-2023-44487) - [Tracker] HTTP/2 Rapid Reset vulnerability
Summary: [Tracker] HTTP/2 Rapid Reset vulnerability
Alias: CVE-2023-44487
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3
Keywords: Tracker
Depends on: 915554 915567 CVE-2023-42794, CVE-2023-42795, CVE-2023-45648 CVE-2023-31122, CVE-2023-43622, CVE-2023-45802 916038 CVE-2023-38552, CVE-2023-39331, CVE-2023-39332, CVE-2023-39333, CVE-2023-45143 917614 918413 918415 918418 918419 CVE-2023-3462, CVE-2023-4680, CVE-2023-5077 CVE-2023-39325 CVE-2023-36478, CVE-2023-39151, CVE-2023-43494, CVE-2023-43495, CVE-2023-43496, CVE-2023-43497, CVE-2023-43498
  Show dependency tree
Reported: 2023-10-10 16:52 UTC by Hans de Graaff
Modified: 2023-11-24 19:17 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Hans de Graaff gentoo-dev Security 2023-10-10 16:52:03 UTC
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.