CVE-2023-44487

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 10, 2023

Updated: Dec 20, 2024

CWE ID 400

Summary

CVE-2023-44487 is a denial-of-service vulnerability affecting the HTTP/2 protocol. Maliciously crafted requests can cause server resource consumption by rapidly resetting streams during cancellation. This issue, which was exploited in the wild between August and October 2023, allows attackers to overload servers and disrupt their availability. The HTTP/2 specification does not adequately address the potential for excessive resource usage during stream cancellation, making affected systems susceptible to this type of attack.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Red Hat OpenStack Platform
Red Hat Enterprise Linux
Debian
F5 LTM
Fedora Operating System

Affected Vendors

Debian
Red Hat
Fedora Project
Microsoft
F5

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners