CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST

Open Source Security 

Posted by Stefan Eissing on Oct 19

Severity: moderate

Affected versions:

– Apache HTTP Server 2.4.17 through 2.4.57

Description:

When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request’s memory resources
were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new
requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On…
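A triage check for the affected range listed above, as an added example that is not part of the advisory or of Apache's own code. It reads the text of `httpd -v` and `httpd -M`; the host names and sample outputs are constructed, and treating a host without `http2_module` loaded as lower priority is an assumption based on the issue being in HTTP/2 stream handling.

```python
import re

# Affected range as stated in the advisory: 2.4.17 through 2.4.57 (inclusive).
AFFECTED_MIN = (2, 4, 17)
AFFECTED_MAX = (2, 4, 57)

def parse_version(httpd_v_output):
    """Extract (major, minor, patch) from `httpd -v` output, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    return tuple(int(p) for p in m.groups()) if m else None

def http2_loaded(httpd_m_output):
    """True if mod_http2 is listed in `httpd -M` output (static or shared)."""
    return re.search(r"^\s*http2_module\s+\((static|shared)\)", httpd_m_output, re.M) is not None

def assess(httpd_v_output, httpd_m_output):
    """Return 'unknown', 'outside-range', 'affected-http2-off' or 'affected'."""
    version = parse_version(httpd_v_output)
    if version is None:
        return "unknown"  # no parsable version string: check the host by hand
    # Tuple comparison is numeric, so 2.4.9 sorts below 2.4.17 (a string compare would not).
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "outside-range"
    return "affected" if http2_loaded(httpd_m_output) else "affected-http2-off"

# Constructed sample inventory: host -> (`httpd -v` text, `httpd -M` text).
SAMPLES = {
    "web-01": ("Server version: Apache/2.4.57 (Unix)\n", "Loaded Modules:\n core_module (static)\n http2_module (shared)\n"),
    "web-02": ("Server version: Apache/2.4.9 (Unix)\n", "Loaded Modules:\n core_module (static)\n"),
    "web-03": ("Server version: Apache/2.4.41 (Ubuntu)\n", "Loaded Modules:\n core_module (static)\n ssl_module (shared)\n"),
    "web-04": ("", ""),
}

if __name__ == "__main__":
    for host, (v_out, m_out) in SAMPLES.items():
        print(f"{host}: {assess(v_out, m_out)}")
```

Distribution packages can carry backported fixes without changing the upstream version string, so an `affected` result is a lead to confirm against the vendor's changelog.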