Project

General

Profile

Actions
Copy link

Security #6660

closed

Security #6481: http2: quadratic complexity in find_or_create_tx not bounded by max-tx

http2: quadratic complexity in find_or_create_tx not bounded by max-tx (6.0.x backport)

Added by OISF Ticketbot about 1 year ago. Updated 12 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
6.0.16
Affected Versions:
Label:
CVE:
2024-23836
Git IDs:

b1549e930f6426eeff43f12b672337cbcda566b8

Severity:
LOW
Disclosure Date:
Actions
Copy link
 #1

Updated by Jason Ish about 1 year ago

  • Severity changed from MODERATE to CRITICAL
Actions
Copy link
 #2

Updated by Jason Ish about 1 year ago

  • Status changed from Assigned to In Review
Actions
Copy link
 #3

Updated by Victor Julien about 1 year ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #4

Updated by Victor Julien about 1 year ago

  • CVE set to 2024-23836
  • Severity changed from CRITICAL to LOW

LOW severity as HTTP2 is considered experimental and disabled by default in 6.0.x.

Actions
Copy link
 #5

Updated by Philippe Antoine about 1 year ago

  • Status changed from Resolved to Closed
  • Git IDs updated (diff)
Actions
Copy link
 #6

Updated by Victor Julien 12 months ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF