Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
CVSS Details
- CVSS 3.1 Base Score: 7.5
- CVSS 3.1 Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Amazon Linux Ami 2 | amazon-linux-ami-2-upgrade-aws-nitro-enclaves-cliamazon-linux-ami-2-upgrade-aws-nitro-enclaves-cli-debuginfoamazon-linux-ami-2-upgrade-aws-nitro-enclaves-cli-develamazon-linux-ami-2-upgrade-aws-nitro-enclaves-cli-integration-tests | Mar 22, 2023 | Feb 21, 2023 | |
| Amazon_linux_2023 | amazon-linux-2023-upgrade-aws-nitro-enclaves-cliamazon-linux-2023-upgrade-aws-nitro-enclaves-cli-develamazon-linux-2023-upgrade-aws-nitro-enclaves-cli-integration-tests | Feb 17, 2025 | Feb 21, 2023 | |
| Debian | debian-upgrade-rust-hyper | Jul 30, 2024 | Feb 21, 2023 | |
| Suse | — | suse-upgrade-aws-nitro-enclaves-binaryblobs-upstreamsuse-upgrade-aws-nitro-enclaves-clisuse-upgrade-gstreamer-plugins-rssuse-upgrade-gstreamer-plugins-rs-develsuse-upgrade-rustupsuse-upgrade-sccachesuse-upgrade-system-group-ne | Apr 17, 2023 | Feb 21, 2023 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub