摘要:
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
安全等级: Low
公告ID: KylinSec-SA-2024-3477
发布日期: 2024年8月29日
关联CVE: CVE-2019-9511
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2019-9511 | KY3.4-5A | nghttp2 | Unaffected |
| CVE-2019-9511 | KY3.5.2 | nghttp2 | Unaffected |
| CVE-2019-9511 | V6 | nghttp2 | Unaffected |
