Project

General

Profile

Actions

Security #6481

closed

http2: quadratic complexity in find_or_create_tx not bounded by max-tx

Added by Philippe Antoine about 1 year ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
Git IDs:

80abc22f6475b6a87a33166729a871203f34d578

Severity:
CRITICAL
Disclosure Date:
01/16/2024

Description

As a single parsing round can create more transactions than max-tx
Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63345


Subtasks 2 (0 open2 closed)

Security #6531: http2: quadratic complexity in find_or_create_tx not bounded by max-tx (7.0.x backport)ClosedPhilippe AntoineActions
Security #6660: http2: quadratic complexity in find_or_create_tx not bounded by max-tx (6.0.x backport)ClosedPhilippe AntoineActions
Actions

Also available in: Atom PDF