VulnerableCode Package Details - pkg:cargo/h2@0.3.17

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:cargo/h2@0.3.17

Essentials
History (1)

purl	pkg:cargo/h2@0.3.17

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-mt5t-ymhy-xuhp	h2 vulnerable to denial of service Hyper is an HTTP library for Rust and h2 is an HTTP 2.0 client & server implementation for Rust. An issue was discovered in h2 v0.2.4 when processing header frames. It incorrectly processes the HTTP2 `RST_STREAM` frames by not always releasing the memory immediately upon receiving the reset frame, leading to stream stacking. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS). This issue affects users only when dealing with http2 connections.	CVE-2023-26964 GHSA-f8vr-r385-rh5r

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T16:59:17.226443+00:00	GHSA Importer	Fixing	VCID-mt5t-ymhy-xuhp	https://github.com/advisories/GHSA-f8vr-r385-rh5r	38.1.0