CVE

Id
93400  
CVE No.
CVE-2016-6580  
Status
Candidate  
Description
A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.  
Phase
Assigned (20160803)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
793614 93400 CVE-2016-6580 CONFIRM:https://python-hyper.org/priority/en/latest/security/CVE-2016-6580.html  View
793615 93400 CVE-2016-6580 BID:92311  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
3739 JVNDB-2016-004512 GNU Mailman のユーザオプションページにおけるクロスサイトリクエストフォージェリの脆弱性 GNU Mailman のユーザオプションページには、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2016-6893 93400 6.8 8.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004512.html  View