Publish GHSA-f8vr-r385-rh5r

github · Apr 12, 2023 · aa9e5d5 · aa9e5d5
1 parent c38caa2
commit aa9e5d5
Showing 1 changed file with 3 additions and 22 deletions.
diff --git a/advisories/github-reviewed/2023/04/GHSA-f8vr-r385-rh5r/GHSA-f8vr-r385-rh5r.json b/advisories/github-reviewed/2023/04/GHSA-f8vr-r385-rh5r/GHSA-f8vr-r385-rh5r.json
@@ -1,36 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f8vr-r385-rh5r",
-  "modified": "2023-04-11T21:47:01Z",
+  "modified": "2023-04-12T18:25:02Z",
   "published": "2023-04-11T15:30:30Z",
   "aliases": [
     "CVE-2023-26964"
   ],
   "summary": "hyper and h2 vulnerable to denial of service",
-  "details": "Hyper is an HTTP library for Rust and h2 is an HTTP 2.0 client & server implementation for Rust. An issue was discovered in hyper v0.13.7 and h2 v0.2.4 when proessing header frames. Both packages incorrectly process the HTTP2 `RST_STREAM` frames by not always releasing the memory immediately upon receiving the reset frame, leading to stream stacking. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).\n\nAs of time of publication of this advisory, there is no evidence of a fix having been incorporated into hyper or h2.",
+  "details": "Hyper is an HTTP library for Rust and h2 is an HTTP 2.0 client & server implementation for Rust. An issue was discovered in h2 v0.2.4 when processing header frames. Both packages incorrectly process the HTTP2 `RST_STREAM` frames by not always releasing the memory immediately upon receiving the reset frame, leading to stream stacking. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).\n\nAs of time of publication of this advisory, there is no evidence of a fix having been incorporated into h2.",
   "severity": [
 
   ],
   "affected": [
-    {
-      "package": {
-        "ecosystem": "crates.io",
-        "name": "hyper"
-      },
-      "ranges": [
-        {
-          "type": "ECOSYSTEM",
-          "events": [
-            {
-              "introduced": "0"
-            },
-            {
-              "last_affected": "0.14.25"
-            }
-          ]
-        }
-      ]
-    },
     {
       "package": {
         "ecosystem": "crates.io",
@@ -73,7 +54,7 @@
     "cwe_ids": [
 
     ],
-    "severity": "HIGH",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2023-04-11T21:47:01Z",
     "nvd_published_at": "2023-04-11T14:15:00Z"