CVE-2020-13934

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13934
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13934.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13934
Aliases
Downstream
Related
Published
2020-07-14T15:15:11Z
Modified
2025-08-09T19:01:27Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Last affected
Last affected
Introduced
Last affected
Last affected
Last affected
Last affected
Introduced
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected