CVE-2020-13934

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-13934
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13934.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13934
Aliases
Downstream
Related
Published
2020-07-14T15:15:11.007Z
Modified
2026-02-25T01:19:53.393054Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
10e04de1946981261a734507f4a6d953e2a206fe
Introduced
389365303d986b2a918bc95f39421b27a2c9ff30
Last affected
4560d2f5a49965f73ed07cb879f17d9c096c9d13
Introduced
3c78e95e36268dfb76db1570f0cf49104fa6eabc
Last affected
247c8e5ad08cdcd829a0bfc6374ecb3da0e5838e

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13934.json"