JLSEC-2026-3

Risk Scores

Affected Products

Timeline

• Mar 23, 2026 CVE Published
• Mar 23, 2026 CVE Updated
• May 1, 2026 Distribution Patch
• May 1, 2026 Distribution Patch
• May 1, 2026 Distribution Patch
• May 1, 2026 Distribution Patch
• May 1, 2026 Distribution Patch
• May 1, 2026 Distribution Patch

References

• http://www.openwall.com/lists/oss-security/2023/10/10/6 url
• http://www.openwall.com/lists/oss-security/2023/10/10/7 url
• http://www.openwall.com/lists/oss-security/2023/10/13/4 url
• http://www.openwall.com/lists/oss-security/2023/10/13/9 url
• http://www.openwall.com/lists/oss-security/2023/10/18/4 url
• http://www.openwall.com/lists/oss-security/2023/10/18/8 url
• http://www.openwall.com/lists/oss-security/2023/10/19/6 url
• http://www.openwall.com/lists/oss-security/2023/10/20/8 url
• https://access.redhat.com/security/cve/cve-2023-44487 url
• https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ url
• https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ url
• https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ url
• https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ url
• https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ url
• https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack url
• https://blog.vespa.ai/cve-2023-44487/ url
• https://bugzilla.proxmox.com/show_bug.cgi?id=4988 url
• https://bugzilla.redhat.com/show_bug.cgi?id=2242803 url
• https://bugzilla.suse.com/show_bug.cgi?id=1216123 url
• https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 url

…and 148 more