How severe is CVE-2022-31394?

CVE-2022-31394 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-31394

Name: hyper
Author: hyper

7.5HIGH

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.

Опубликовано: 2/21/2023Обновлено: 3/17/2025

Описание

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.

ИИ-АнализНа базе ИИ

Затронутые продукты

hyperhyper

Ссылки

https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19
Patch
https://github.com/hyperium/hyper/issues/2826
ExploitIssue TrackingPatchVendor Advisory
https://github.com/hyperium/hyper/pull/2828
Issue TrackingPatch
https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19
Patch
https://github.com/hyperium/hyper/issues/2826
ExploitIssue TrackingPatchVendor Advisory
https://github.com/hyperium/hyper/pull/2828
Issue TrackingPatch