Project

General

Profile

Actions
Copy link

Security #8555

closed
OT PA

http2: excessive memory alloc with decompression bomb (7.0.x backport)

Security #8555: http2: excessive memory alloc with decompression bomb (7.0.x backport)

Added by OISF Ticketbot about 1 month ago. Updated 21 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
7.0.16
Affected Versions:
Label:
CVE:
2026-46387
Git IDs:

16c689cbec9d424392c5547c959ad0b2d8bb8a60
b468bd631c5b9ddc153404b2b23abf48daf25fee
5c6af4419b82ce5a1f7b6e19f0a7b5b907997f78

Severity:
HIGH
Disclosure Date:
07/03/2026
GHSA:
GHSA-45p7-j5wm-8wrx

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #1

  • Disclosure Date set to 07/03/2026
  • GHSA set to GHSA-45p7-j5wm-8wrx

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #2

  • Severity set to HIGH

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #3

  • CVE set to 2026-46387

SB Updated by Shivani Bhardwaj about 1 month ago Actions
Copy link
 #4

  • Subject changed from http2: protection against compression bombs (7.0.x backport) to http2: excessive memory alloc with decompression bomb (7.0.x backport)

PA Updated by Philippe Antoine about 1 month ago Actions
Copy link
 #5

  • Status changed from Assigned to In Review

Gitlab MR Staging v3

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
 #6

  • Status changed from In Review to Resolved

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
 #7

  • Status changed from Resolved to Closed

JI Updated by Jason Ish about 1 month ago Actions
Copy link
 #8

  • Git IDs updated (diff)

JI Updated by Jason Ish 21 days ago Actions
Copy link
 #9

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom