Project

General

Profile

Actions

Security #6660

closed

Security #6481: http2: quadratic complexity in find_or_create_tx not bounded by max-tx

http2: quadratic complexity in find_or_create_tx not bounded by max-tx (6.0.x backport)

Added by OISF Ticketbot 11 months ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
Git IDs:

b1549e930f6426eeff43f12b672337cbcda566b8

Severity:
LOW
Disclosure Date:
Actions #1

Updated by Jason Ish 10 months ago

  • Severity changed from MODERATE to CRITICAL
Actions #2

Updated by Jason Ish 10 months ago

  • Status changed from Assigned to In Review
Actions #3

Updated by Victor Julien 10 months ago

  • Status changed from In Review to Resolved
Actions #4

Updated by Victor Julien 10 months ago

  • CVE set to 2024-23836
  • Severity changed from CRITICAL to LOW

LOW severity as HTTP2 is considered experimental and disabled by default in 6.0.x.

Actions #5

Updated by Philippe Antoine 9 months ago

  • Status changed from Resolved to Closed
  • Git IDs updated (diff)
Actions #6

Updated by Victor Julien 9 months ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF