CVE-2016-6580

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6580

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6580.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-6580

Aliases

Published

2017-01-10T15:59:00Z

Modified

2025-01-14T06:42:17.461136Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.

References

Affected packages

Git / github.com/python-hyper/priority

Affected ranges

Type: GIT
Repo: https://github.com/python-hyper/priority
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

58feaac48e7ea8019c1a9d8b5c9a3382dfeb493d

Last affected

adec8eabc3587eb2c1b096bbddb902569d80eef7

Last affected

fbdf9c1e3faa5b7148b2dcfae259c556bd29bdbc

Affected versions

v1.*

v1.0.0

v1.1.0