Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-32?arch=el8jbcs
Typerpm
Namespaceredhat
Namejbcs-httpd24-mod_http2
Version1.15.19-32
Qualifiers
arch el8jbcs
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-kkuy-1j91-9bb2
vulnerability_id VCID-kkuy-1j91-9bb2
summary 
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.

This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45802
reference_id
reference_type
scores
0
value 0.01741
scoring_system epss
scoring_elements 0.82453
published_at 2026-04-02T12:55:00Z
1
value 0.01741
scoring_system epss
scoring_elements 0.82495
published_at 2026-04-08T12:55:00Z
2
value 0.01741
scoring_system epss
scoring_elements 0.82516
published_at 2026-04-12T12:55:00Z
3
value 0.01741
scoring_system epss
scoring_elements 0.82511
published_at 2026-04-13T12:55:00Z
4
value 0.01741
scoring_system epss
scoring_elements 0.82548
published_at 2026-04-18T12:55:00Z
5
value 0.01741
scoring_system epss
scoring_elements 0.82471
published_at 2026-04-04T12:55:00Z
6
value 0.01741
scoring_system epss
scoring_elements 0.82467
published_at 2026-04-07T12:55:00Z
7
value 0.01741
scoring_system epss
scoring_elements 0.82501
published_at 2026-04-09T12:55:00Z
8
value 0.01741
scoring_system epss
scoring_elements 0.8252
published_at 2026-04-11T12:55:00Z
9
value 0.0225
scoring_system epss
scoring_elements 0.84611
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45802
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243877
reference_id 2243877
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243877
10
reference_url https://httpd.apache.org/security/json/CVE-2023-45802.json
reference_id CVE-2023-45802
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-45802.json
11
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
12
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
13
reference_url https://access.redhat.com/errata/RHSA-2024:2368
reference_id RHSA-2024:2368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2368
14
reference_url https://access.redhat.com/errata/RHSA-2024:2891
reference_id RHSA-2024:2891
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2891
15
reference_url https://access.redhat.com/errata/RHSA-2024:3121
reference_id RHSA-2024:3121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3121
16
reference_url https://usn.ubuntu.com/6506-1/
reference_id USN-6506-1
reference_type
scores
url https://usn.ubuntu.com/6506-1/
fixed_packages
aliases CVE-2023-45802
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkuy-1j91-9bb2
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-32%3Farch=el8jbcs