rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Assigned RUSTSEC-2023-0034 to h2 (#1687)

Browse Source 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
2023-04-20 13:17:55 -06:00
committed by GitHub
parent 7ca4586eb8
commit cab69cc909
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.duplicate-id-guard
View File

@@ -1,3 +1,3 @@
This file causes merge conflicts if two ID assignment jobs run concurrently.
This prevents duplicate ID assignment due to a race between those jobs.
5939f363a07849c25ca69e87e2a4961fd6d91882fe86fbdb14c315bfc03b7a24 -
b39c2f9154efdb9539b9db4296b1d8114dd98705de56d45a8472de7e678c8e20 -

4
crates/h2/RUSTSEC-0000-0000.md → crates/h2/RUSTSEC-2023-0034.md
View File

@@ -1,6 +1,6 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
id = "RUSTSEC-2023-0034"
package = "h2"
date = "2023-04-14"
url = "https://github.com/hyperium/hyper/issues/2877"
@@ -15,4 +15,4 @@ patched = [">= 0.3.17"]
If an attacker is able to flood the network with pairs of `HEADERS`/`RST_STREAM` frames, such that the `h2` application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use, and eventually trigger Out Of Memory.
This flaw is corrected in [hyperium/h2#668](https://github.com/hyperium/h2/pull/668), which restricts remote reset stream count by default.
This flaw is corrected in [hyperium/h2#668](https://github.com/hyperium/h2/pull/668), which restricts remote reset stream count by default.