nghttp2: fix CVE-2023-44487 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	aszh07 <mail2szahir@gmail.com>	2024-03-21 15:33:32 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-04-05 07:23:58 -0700
commit	cf1c9d3daaccb5909d19d1cf4baaa6a152e0e73a (patch)
tree	34ce7b2faf0214e245486515bdb258ae80dc3474 /scripts/lib/devtool/utilcmds.py
parent	b6f6c729453cb88961488e3332046517e2fe99bb (diff)
download	poky-cf1c9d3daaccb5909d19d1cf4baaa6a152e0e73a.tar.gz

nghttp2: fix CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. References: https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832 (From OE-Core rev: 0156b57dcdb2e5acdd9421a7c24c235f13da2d97) Signed-off-by: Zahir Hussain <zahir.basha@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/utilcmds.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: