Jinwoo Hwang created GEODE-10591:
------------------------------------

             Summary: Remediation of CVE-2026-49268
                 Key: GEODE-10591
                 URL: https://issues.apache.org/jira/browse/GEODE-10591
             Project: Geode
          Issue Type: Improvement
            Reporter: Jinwoo Hwang
            Assignee: Jinwoo Hwang


Affected versions of this package are vulnerable to Allocation of Resources 
Without Limits or Throttling due to the lack of enforced limits in the 
`HPackDecoder` process. An attacker can exhaust system memory by sending 
oversized compressed header blocks before the HTTP/2 SETTINGS acknowledgement 
applies the configured header list size limit.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to