Source: rust-hyper X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerability was published for rust-hyper. CVE-2023-26964[0]: | An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking | occurs when the H2 component processes HTTP2 RST_STREAM frames. As a | result, the memory and CPU usage are high which can lead to a Denial | of Service (DoS). https://github.com/hyperium/hyper/issues/2877 https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39 (v0.3.17) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-26964 https://www.cve.org/CVERecord?id=CVE-2023-26964 Please adjust the affected versions in the BTS as needed.