angler-fishThe Vulnerability History Project

SECURITY: CVE-2016-8740

      mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory.

Reported by: Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772576 13f79535-47bb-0310-9956-ffa450edef68
by Brooke the Heron 2016-12-04 22:06:30 UTC
commit c671673db96e286e2321d5babf05c767cb76a1ef
HTTPD Fix CVE-2016-8740
CHANGES
-4
modules/http2/h2_session.c
+2 -9
modules/http2/h2_stream.c
+28 -33
expand_less