vulnerability
Ubuntu: (Multiple Advisories) (CVE-2020-9494): trafficserver vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jun 24, 2020 | Apr 1, 2022 | Aug 18, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jun 24, 2020
Added
Apr 1, 2022
Modified
Aug 18, 2025
Description
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.
Solution
no-fix-ubuntu-package
References
- CVE-2020-9494
- https://attackerkb.com/topics/CVE-2020-9494
- CWE-770
- DEBIAN-DSA-4710
- NVD-CVE-2020-9494
- UBUNTU-USN-4448-1
- UBUNTU-USN-4596-1
- UBUNTU-USN-5360-1
- URL-https://lists.apache.org/thread.html/rf7f86917f42fdaf904d99560cba0c016e03baea6244c47efeb60ecbe%40%3Cdev.trafficserver.apache.org%3E
- URL-https://ubuntu.com/security/notices/USN-5360-1
- URL-https://www.cve.org/CVERecord?id=CVE-2020-9494
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.