FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

trafficserver -- resource consumption

Affected packages
trafficserver < 8.0.8

Details

VuXML ID 6fd773d3-bc5a-11ea-b38d-f0def1d0c3ea
Discovery 2020-06-24
Entry 2020-07-02

Bryan Call reports:

ATS is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.

[source]

References

CVE Name CVE-2020-9494
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9494

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.