Actions
Security #6481
closedhttp2: quadratic complexity in find_or_create_tx not bounded by max-tx
Git IDs:
80abc22f6475b6a87a33166729a871203f34d578
Severity:
CRITICAL
Disclosure Date:
01/16/2024
Description
As a single parsing round can create more transactions than max-tx
Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63345
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.3 to 8.0.0-beta1
- Label Needs backport to 7.0 added
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Victor Julien 11 months ago
- Severity changed from MODERATE to CRITICAL
Issue is about number of transactions created from a single block of data. Since the minimal size to create a tx is small, it can still be a very large number.
Updated by Victor Julien 10 months ago
- Status changed from In Review to Resolved
- CVE set to 2024-23836
Updated by Philippe Antoine 10 months ago
- Status changed from Resolved to Closed
- Git IDs updated (diff)
Actions