You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Degradation of service in h2 servers with CONTINUATION Flood
Details
Package
h2
Version
0.3.21
Date
2024-04-03
Patched versions
^0.3.26,>=0.4.4
An attacker can send a flood of CONTINUATION frames, causing h2 to process them indefinitely.
This results in an increase in CPU usage.
Tokio task budget helps prevent this from a complete denial-of-service, as the server can still
respond to legitimate requests, albeit with increased latency.
h20.3.21^0.3.26,>=0.4.4An attacker can send a flood of CONTINUATION frames, causing
h2to process them indefinitely.This results in an increase in CPU usage.
Tokio task budget helps prevent this from a complete denial-of-service, as the server can still
respond to legitimate requests, albeit with increased latency.
More details at "https://seanmonstar.com/blog/hyper-http2-continuation-flood/.
Patches available for 0.4.x and 0.3.x versions.
See advisory page for additional details.
The text was updated successfully, but these errors were encountered: