The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
| Vendor | Product | Versions |
|---|---|---|
| ietf | http | < 1.57.0, < 4.1.100, < 9.4.53, < 10.0.17, < 11.0.17, < 12.0.2, < 2.7.5, < 1.20.10, < 1.21.3, < 0.17.0, < 0.17.0, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 1.8.2, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 13.1.5, <= 14.1.5, <= 15.1.10, <= 16.1.4, <= 1.25.2, <= 2.4.2, <= 3.3.0, < r29, <= 8.5.93, <= 9.0.80, <= 10.1.13, < 1.28.0, < 1.56.3, <= 1.59.2, < 1.58.3, < 6.0.23, < 7.0.12, < 6.0.23, < 7.0.12, < 2023-10-08, < 17.2.20, < 17.4.12, < 17.6.8, < 17.7.5, < 10.0.14393.6351, < 10.0.14393.6351, < 10.0.17763.4974, < 10.0.19044.3570, < 10.0.19045.3570, < 10.0.22000.2538, < 10.0.22621.2428, < 18.18.2, < 20.8.1, < 2023-10-11, < 2023-10-10, < 2023.10.16.00, < 3.6.1, < 8.1.9, < 9.2.3, < 2.5.0, < 4.2.2, < 1.17.6, < 1.18.3, < 1.19.1, < 2023-10-10, < 2.10.5, < 2023-10-11, <= 2.12.5, < 1.26.0, < 10.5.3, < 3.4.2, <= 2.414.2, <= 2.427, < 9.4.0, < 1.21.4.3, < 3.2.003.009, < 11.1, < 4.1.3, < 5.0.2, < 6.0.0, < x14.3.3, < 7.4.2, < 4.11.0, < 9.3.3, < 7.2.1, < 3.10.4, < 11.2, < 2.2.0, < 2.19.2, < x14.3.3, < 2024.01.0, < 2024.02.0, < 2024.02.0, < 12.6.2, < 1.22, < 17.15.1, < 7.11.2, < 15.1.0, < 10.2\(7\), < 10.3\(5\), < 10.4\(2\), < 10.2\(7\), < 10.3\(5\), < 10.4\(2\) |
