Security #6892
closed
http2: oom on copying compressed headers
Git IDs: 390f09692eb99809c679d3f350c7cc185d163e1a
Severity: CRITICAL
Disclosure Date: 06/20/2024
Description
Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67562
I would rate this critical: can allocate up to 4 Gbytes of memory with 128 kbytes of traffic...
We have one bound of 65k for the maximum "dynamic headers table" size, but this can get multiplied by an arbitrary number of bytes representing one compressed header.
Not sure whether to backport it to 6, as HTTP2 is experimental there.
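The multiplication described above, as an added example that is not Suricata code and not the fix referenced by the Git ID: a simplified model of HPACK one-byte indexed references (RFC 7541 section 6.1) into a dynamic table, where each reference copies the entry, plus a cumulative decoded-size budget as one generic way to bound it. The `limit` parameter, the function names and the 32 KiB entry size are assumptions made for the illustration.

```rust
// Added illustration, not Suricata code. Models only HPACK one-byte
// "indexed header field" references that point into the dynamic table.
const FIRST_DYNAMIC: usize = 62; // RFC 7541: static table holds indexes 1..=61

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    BadIndex(usize),
    BudgetExceeded { decoded: usize, limit: usize },
}

/// Copy the referenced entry for every indexed byte in `block`, but stop as
/// soon as the cumulative copied size passes `limit` (hypothetical setting).
pub fn decode_indexed(
    block: &[u8],
    dyn_table: &[Vec<u8>],
    limit: usize,
) -> Result<Vec<Vec<u8>>, DecodeError> {
    let mut out = Vec::new();
    let mut decoded = 0usize;
    for &b in block {
        let idx = (b & 0x7f) as usize;
        if b & 0x80 == 0 || !(FIRST_DYNAMIC..127).contains(&idx) {
            continue; // literals, static entries, multi-byte indexes: not modelled
        }
        let entry = dyn_table
            .get(idx - FIRST_DYNAMIC)
            .ok_or(DecodeError::BadIndex(idx))?;
        decoded += entry.len();
        if decoded > limit {
            // Bail out before the copy, so memory stays within the budget.
            return Err(DecodeError::BudgetExceeded { decoded, limit });
        }
        out.push(entry.clone()); // the per-reference copy the ticket is about
    }
    Ok(out)
}

/// Bytes copied without a budget when every input byte references one entry.
pub fn worst_case(block_len: usize, entry_len: usize) -> u64 {
    block_len as u64 * entry_len as u64
}

fn main() {
    // Constructed sample: 128 KiB of references to one 32 KiB entry.
    println!("unbounded copy: {} bytes", worst_case(128 * 1024, 32 * 1024));
    let table = vec![vec![b'a'; 32 * 1024]];
    let block = vec![0xBEu8; 128 * 1024]; // 0x80 | 62: first dynamic entry
    println!("with 1 MiB budget: {:?}", decode_indexed(&block, &table, 1 << 20).err());
}
```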
Updated by OISF Ticketbot about 2 years ago
- Subtask #6893 added
Updated by OISF Ticketbot about 2 years ago
- Label deleted (Needs backport to 7.0)
Updated by Philippe Antoine about 2 years ago
- Private changed from No to Yes
- Label Needs backport to 7.0 added
Updated by OISF Ticketbot about 2 years ago
- Label deleted (Needs backport to 7.0)
Updated by Victor Julien about 2 years ago
- Severity changed from MODERATE to CRITICAL
Updated by Philippe Antoine about 2 years ago
- Status changed from New to In Review
Gitlab MR
Updated by Philippe Antoine about 2 years ago
- Related to Security #6900: http2: timeout logging headers added
Updated by Victor Julien almost 2 years ago
- Label Needs backport to 6.0 added
Updated by OISF Ticketbot almost 2 years ago
- Subtask #6972 added
Updated by OISF Ticketbot almost 2 years ago
- Label deleted (Needs backport to 6.0)
Updated by Shivani Bhardwaj almost 2 years ago
- CVE set to 2024-32663
Updated by Victor Julien almost 2 years ago
- Status changed from In Review to Closed
- Git IDs updated (diff)
Updated by Victor Julien almost 2 years ago
- Private changed from Yes to No