CVE-2023-26964
HIGH
hyper/h2 < 0.3.17 - Denial of Service via H2 RST_STREAM Frame Handling
Title source: llm
Description
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP/2 RST_STREAM frames. As a result, memory and CPU usage are high, which can lead to a Denial of Service (DoS).
References (3)
Core References
Exploit, Issue Tracking
https://github.com/hyperium/hyper/issues/2877
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/
Scores
CVSS v3
7.5
EPSS
0.0111
EPSS Percentile
61.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (3)
crates.io/h2
0 - 0.3.17 (crates.io)
hyper/h2
0.2.4
hyper/hyper
0.13.7
Published
Apr 11, 2023
Tracked Since
Feb 18, 2026