Project

General

Profile

Actions
Copy link

Security #8554

closed
OT PA

http2: excessive memory alloc with decompression bomb (8.0.x backport)

Security #8554: http2: excessive memory alloc with decompression bomb (8.0.x backport)

Added by OISF Ticketbot about 1 month ago. Updated 22 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.5
Affected Versions:
Label:
CVE:
2026-46387
Git IDs:

20104d09788b606b1de1923286d463a07ad47e6d
69107199d6fbff979bad2174cd3a904ab8951bd6

Severity:
HIGH
Disclosure Date:
07/03/2026
GHSA:
GHSA-45p7-j5wm-8wrx

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #1

  • Disclosure Date set to 07/03/2026
  • GHSA set to GHSA-45p7-j5wm-8wrx

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #2

  • Severity set to HIGH

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #3

  • CVE set to 2026-46387

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #4

  • Status changed from Assigned to In Review

SB Updated by Shivani Bhardwaj about 1 month ago Actions
Copy link
 #5

  • Subject changed from http2: protection against compression bombs (8.0.x backport) to http2: excessive memory alloc with decompression bomb (8.0.x backport)

SB Updated by Shivani Bhardwaj about 1 month ago Actions
Copy link
 #6

  • Status changed from In Review to Resolved

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
 #7

  • Status changed from Resolved to Closed

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #8

  • Git IDs updated (diff)

JI Updated by Jason Ish 22 days ago Actions
Copy link
 #9

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom