​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-6774-f4f4-5fh3

Published

Last updated

https://images.chainguard.dev/security/CGA-6774-f4f4-5fh3
Package

wavefront-proxy

Latest Update
Fixed
Fixed Version

13.3-r1

Aliases
  • GHSA-xpw8-rcwv-8f8p

Severity

7.5

High

CVSS V3

Summary

io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

Description

A client might overload the server by issue frequent RST frames. This can cause a massive amount of load on the remote system and so cause a DDOS attack.

Impact

This is a DDOS attack, any http2 server is affected and so you should update as soon as possible.

Patches

This is patched in version 4.1.100.Final.

Workarounds

A user can limit the amount of RST frames that are accepted per connection over a timeframe manually using either an own Http2FrameListener implementation or an ChannelInboundHandler implementation (depending which http2 API is used).

References

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images