CVE-2023-26964 — Vulnetix

CVE-2023-26964 PUBLISHED CVSS 8.699999809265137 HIGH

h2 vulnerable to denial of service

EPSS 0.32% · 55.1th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.32%

55.1th percentile

Affected Products

Vendor	Product	Versions
hyper	hyper	0.13.7, 0.13.7, 0.13.7
hyper	h2	0.2.4, 0.2.4, 0.2.4
n/a	n/a	n/a, n/a
crates.io	h2	0, 0, 0

Timeline

Apr 11, 2023 CVE Published
Apr 11, 2023 PoC Published
Apr 12, 2023 EPSS Score
May 1, 2023 CVE Updated
May 20, 2023 EPSS Score
Jun 26, 2023 EPSS Score
Aug 3, 2023 EPSS Score
Sep 10, 2023 EPSS Score
Oct 17, 2023 EPSS Score
Nov 24, 2023 EPSS Score
Jan 1, 2024 EPSS Score
Feb 7, 2024 EPSS Score

References

https://github.com/hyperium/hyper/issues/2877 url
FEDORA-2023-cc21019773 vendor-advisory
FEDORA-2023-37ae269843 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-26964 advisory
https://github.com/hyperium/h2/issues/621 url
https://github.com/hyperium/h2/pull/668 url
https://github.com/hyperium/hyper package
https://rustsec.org/advisories/RUSTSEC-2023-0034.html url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›