CVE-2016-6580

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-6580
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6580.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-6580
Aliases
Published
2017-01-10T15:59:00.377Z
Modified
2026-04-10T03:52:41.796733Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.

References

Affected packages

Git / github.com/python-hyper/priority

Affected ranges

Type
GIT
Repo
https://github.com/python-hyper/priority
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fbdf9c1e3faa5b7148b2dcfae259c556bd29bdbc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
58feaac48e7ea8019c1a9d8b5c9a3382dfeb493d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
adec8eabc3587eb2c1b096bbddb902569d80eef7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.1"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.1.0
v1.1.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6580.json"