How severe is CVE-2023-45802?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-45802?

This is classified as CWE-404, which is a common weakness in software security.

CVE-2023-45802

MEDIUM Year: 2023

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-404

View all →

Vulnerability Description

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.

CVE-2018-1000808

MEDIUM

CVSS:5.9(Medium)

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial...

CWE-4042018

CVE-2019-1705

MEDIUM

CVSS:5.9(Medium)

A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition...

CWE-4042019

CVE-2021-26906

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16...

CWE-4042021

CVE-2022-3533

MEDIUM

CVSS:5.7(Medium)

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of t...

CWE-4042022

CVE-2022-3563

MEDIUM

CVSS:5.7(Medium)

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulat...

CWE-4042022

CVE-2020-4756

MEDIUM

CVSS:6.2(Medium)

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the...

CWE-4042020

CVE-2023-45802

Vulnerability Description

Related Vulnerabilities

CVE-2018-1000808

CVE-2019-1705

CVE-2021-26906

CVE-2022-3533

CVE-2022-3563

CVE-2020-4756