cbcvebase.
CVE-2023-26964
published 2023-04-11

CVE-2023-26964: An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and…

PriorityP434high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.12%
62.1th percentile
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).

Affected

18 ranges
VendorProductVersion rangeFixed in
debianrust-h2< rust-h2 0.3.13-2 (bookworm)rust-h2 0.3.13-2 (bookworm)
h2databaseh2>= 0 < 0.3.170.3.17
h2databaseh2>= 0.0.0-0 < 0.3.170.3.17
hyperh2
hyperhyper
msrcazl3_kata-containers_3.1.3-2_on_azure_linux_3.0
msrcazl3_kata-containers_3.2.0.azl0-2_on_azure_linux_3.0
msrcazl3_mozjs_102.15.1-1_on_azure_linux_3.0
msrcazl3_rpm-ostree_2022.1-7_on_azure_linux_3.0
msrcazl3_rpm-ostree_2024.4-1_on_azure_linux_3.0
msrcazl3_rust_1.86.0-1_on_azure_linux_3.0
msrcazl3_rust_h2-0.3.26_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_kata-containers_3.2.0.azl0-1_on_cbl_mariner_2.0
msrccbl2_rpm-ostree_2022.1-7_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.