RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood


> Degradation of service in h2 servers with CONTINUATION Flood

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `h2`                      |
| Version             | `0.2.7`                   |
| Date                | 2024-04-03                         |
| Patched versions    | `^0.3.26,>=0.4.4`                  |

An attacker can send a flood of CONTINUATION frames, causing `h2` to process them indefinitely.
This results in an increase in CPU usage.

Tokio task budget helps prevent this from a complete denial-of-service, as the server can still
respond to legitimate requests, albeit with increased latency.

More details at &quot;https://seanmonstar.com/blog/hyper-http2-continuation-flood/.

Patches available for 0.4.x and 0.3.x versions.

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2024-0332.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood #6

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Details
Package	`h2`
Version	`0.2.7`
Date	2024-04-03
Patched versions	`^0.3.26,>=0.4.4`

RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood #6

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions