CVE-2022-31394
Summary
| CVE | CVE-2022-31394 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-21 14:15:00 UTC |
| Updated | 2023-03-02 16:05:00 UTC |
| Description | Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. |
Risk And Classification
Problem Types: CWE-770
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Comparing v0.14.18...v0.14.19 · hyperium/hyper · GitHub | CONFIRM | github.com | |
| Allow specifying the HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE · Issue #2826 · hyperium/hyper · GitHub | MISC | github.com | |
| feat(h2): add max_header_list_size by silence-coding · Pull Request #2828 · hyperium/hyper · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 183192 Debian Security Update for rust-hyper (CVE-2022-31394)
- 354823 Amazon Linux Security Advisory for aws-nitro-enclaves-cli : ALAS2NITRO-ENCLAVES-2023-021
- 355244 Amazon Linux Security Advisory for aws-nitro-enclaves-cli : ALAS2023-2023-129
- 755600 SUSE Enterprise Linux Security Update for gstreamer-plugins-rs (SUSE-SU-2024:0090-1)
- 755856 SUSE Enterprise Linux Security Update for sccache (SUSE-SU-2023:2637-1)
- 905620 Common Base Linux Mariner (CBL-Mariner) Security Update for rpm-ostree (13685)
- 906646 Common Base Linux Mariner (CBL-Mariner) Security Update for rpm-ostree (13685-3)