CVE-2020-13934

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13934
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13934.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13934
Aliases
Related
Published
2020-07-14T15:15:11Z
Modified
2024-09-18T01:00:19Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

References

Affected packages

Debian:11 / tomcat9

Package

Name
tomcat9
Purl
pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.37-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / tomcat9

Package

Name
tomcat9
Purl
pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.37-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / tomcat9

Package

Name
tomcat9
Purl
pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.37-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Last affected
10e04de1946981261a734507f4a6d953e2a206fe
Last affected
24566c02fb917a6ca1b6479a60971b0d8acd895c
Introduced
3c78e95e36268dfb76db1570f0cf49104fa6eabc
Last affected
247c8e5ad08cdcd829a0bfc6374ecb3da0e5838e
Last affected
27f7ef8cd0c637b700d564ec20f6ff92901f6b5c
Last affected
35071e7e52f296b9187b054b0efd74121b7db3bd
Last affected
3bd48aab236e5bf0ed1644e9f0c588fd20e503ab
Introduced
389365303d986b2a918bc95f39421b27a2c9ff30
Last affected
4560d2f5a49965f73ed07cb879f17d9c096c9d13
Last affected
45f8fd74cdb96490fab8709263a4d862f0d429cf
Last affected
59e713216cf2256aacc54f6ba627865f356f9e4e
Last affected
600dc8ba5d9be7599d29bff83c342213d93b034e
Last affected
642d3dd4d50ea1f03f9827962e4fc982a123bb78
Last affected
65ddc3a3872ea41ca67fec7b6834c704b6893361
Last affected
772df65db45cfccc2aad33b9b51ef9ab14c19626
Last affected
7dc5e29fe49850102261badf158752d6865311e4
Last affected
8c48678b110f3fbbe66f6dde0e45d2578fa92c29
Last affected
9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f
Last affected
aac670afe1226e10513021100fce8a12344743c6
Last affected
ab04166fac59fcf9b3be3aab1c8b896842782d4c
Last affected
aba238718ac9b149d25feaa9a14ecad3b0e3a5e2
Last affected
b0b074b683ed2e09ff9e9755825bfce83d303a93
Last affected
b3a208c6d6d01c553178c5e718e750b0eb318151
Last affected
b5a74e3c7913c560648f0ffedfbbb3ebe4318def
Last affected
c2c8107f0cea4755497a85990807b883b66f6b57
Last affected
c5efed313de1a181f4f9f98f5023117f3b911257
Last affected
c7b84102600d600bcc527560d9c4d10c3fd440ab
Last affected
cac0e029dcced854eeca7444710e78e412dc2c2a
Last affected
d8ebf61e51b4455e3c226751e492a533f9002d48
Last affected
d971ce1bdf8b8e8de93fb41454f4ce2e815ee936
Last affected
de128d72af746184e035ff1b53629f08cb141a04
Last affected
eb684224706fe1d8ef5610c8d79dc403e1038393
Last affected
fe854ab1f111396458d98fa2ab08c693ce9407e1