CVE-2022-31394
HIGH
hyper < 0.14.19 - Denial of Service via HTTP/2 Header List Size Limit
Title source: llm
Description
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
References (3)
Core References
Exploit, Issue Tracking, Patch, Vendor Advisory
https://github.com/hyperium/hyper/issues/2826
Issue Tracking, Patch
https://github.com/hyperium/hyper/pull/2828
Scores
CVSS v3: 7.5
EPSS: 0.0108
EPSS Percentile: 60.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-770
Status: published
Products (1)
hyper/hyper: < 0.14.19
Published: Feb 21, 2023
Tracked Since: Feb 18, 2026