CVE-2023-44487

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 10, 2023

Updated: Aug 14, 2024

CWE ID 400

Summary

CVE-2023-44487 is a denial-of-service vulnerability affecting the HTTP/2 protocol. Malicious actors can consume significant server resources by cancelling requests and resetting multiple streams rapidly. This issue was exploited in the wild between August and October 2023. The vulnerability allows an attacker to cause a denial-of-service condition, impacting the availability of HTTP/2 services.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Red Hat OpenStack Platform
Red Hat Enterprise Linux
Debian
F5 LTM
Fedora Operating System

Affected Vendors

Debian
Red Hat
Fedora Project
Microsoft
F5 Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s1faW3
https://www.cve.org/CVERecord?id=CVE-2023-44487
https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Back to Vulnerability Database