Project

General

Profile

Actions
Copy link

Security #6660

closed
OT PA

Security #6481: http2: quadratic complexity in find_or_create_tx not bounded by max-tx

http2: quadratic complexity in find_or_create_tx not bounded by max-tx (6.0.x backport)

Security #6660: http2: quadratic complexity in find_or_create_tx not bounded by max-tx (6.0.x backport)

Added by OISF Ticketbot over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
6.0.16
Affected Versions:
Label:
CVE:
2024-23836
Git IDs:

b1549e930f6426eeff43f12b672337cbcda566b8

Severity:
LOW
Disclosure Date:

JI Updated by Jason Ish about 2 years ago Actions
Copy link
 #1

  • Severity changed from MODERATE to CRITICAL

JI Updated by Jason Ish about 2 years ago Actions
Copy link
 #2

  • Status changed from Assigned to In Review

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
 #3

  • Status changed from In Review to Resolved

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
 #4

  • CVE set to 2024-23836
  • Severity changed from CRITICAL to LOW

LOW severity as HTTP2 is considered experimental and disabled by default in 6.0.x.

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #5

  • Status changed from Resolved to Closed
  • Git IDs updated (diff)

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
 #6

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom