Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/mod_http2@2.0.26-1?arch=el9
Typerpm
Namespaceredhat
Namemod_http2
Version2.0.26-1
Qualifiers
arch el9
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-kkuy-1j91-9bb2
vulnerability_id VCID-kkuy-1j91-9bb2
summary 
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.

This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45802
reference_id
reference_type
scores
0
value 0.01741
scoring_system epss
scoring_elements 0.82453
published_at 2026-04-02T12:55:00Z
1
value 0.01741
scoring_system epss
scoring_elements 0.82548
published_at 2026-04-16T12:55:00Z
2
value 0.01741
scoring_system epss
scoring_elements 0.82516
published_at 2026-04-12T12:55:00Z
3
value 0.01741
scoring_system epss
scoring_elements 0.82511
published_at 2026-04-13T12:55:00Z
4
value 0.01741
scoring_system epss
scoring_elements 0.82471
published_at 2026-04-04T12:55:00Z
5
value 0.01741
scoring_system epss
scoring_elements 0.82467
published_at 2026-04-07T12:55:00Z
6
value 0.01741
scoring_system epss
scoring_elements 0.82495
published_at 2026-04-08T12:55:00Z
7
value 0.01741
scoring_system epss
scoring_elements 0.82501
published_at 2026-04-09T12:55:00Z
8
value 0.01741
scoring_system epss
scoring_elements 0.8252
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45802
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243877
reference_id 2243877
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243877
10
reference_url https://httpd.apache.org/security/json/CVE-2023-45802.json
reference_id CVE-2023-45802
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-45802.json
11
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
12
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
13
reference_url https://access.redhat.com/errata/RHSA-2024:2368
reference_id RHSA-2024:2368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2368
14
reference_url https://access.redhat.com/errata/RHSA-2024:2891
reference_id RHSA-2024:2891
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2891
15
reference_url https://access.redhat.com/errata/RHSA-2024:3121
reference_id RHSA-2024:3121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3121
16
reference_url https://usn.ubuntu.com/6506-1/
reference_id USN-6506-1
reference_type
scores
url https://usn.ubuntu.com/6506-1/
fixed_packages
aliases CVE-2023-45802
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkuy-1j91-9bb2
1
url VCID-xnfs-bpwj-3ycp
vulnerability_id VCID-xnfs-bpwj-3ycp
summary 
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.

This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43622
reference_id
reference_type
scores
0
value 0.59064
scoring_system epss
scoring_elements 0.98216
published_at 2026-04-02T12:55:00Z
1
value 0.61258
scoring_system epss
scoring_elements 0.98324
published_at 2026-04-16T12:55:00Z
2
value 0.61258
scoring_system epss
scoring_elements 0.98309
published_at 2026-04-07T12:55:00Z
3
value 0.61258
scoring_system epss
scoring_elements 0.98314
published_at 2026-04-09T12:55:00Z
4
value 0.61258
scoring_system epss
scoring_elements 0.98318
published_at 2026-04-13T12:55:00Z
5
value 0.61258
scoring_system epss
scoring_elements 0.98307
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43622
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2245153
reference_id 2245153
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2245153
10
reference_url https://httpd.apache.org/security/json/CVE-2023-43622.json
reference_id CVE-2023-43622
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-43622.json
11
reference_url https://security.netapp.com/advisory/ntap-20231027-0011/
reference_id ntap-20231027-0011
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T16:02:28Z/
url https://security.netapp.com/advisory/ntap-20231027-0011/
12
reference_url https://access.redhat.com/errata/RHSA-2024:2368
reference_id RHSA-2024:2368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2368
13
reference_url https://usn.ubuntu.com/6506-1/
reference_id USN-6506-1
reference_type
scores
url https://usn.ubuntu.com/6506-1/
fixed_packages
aliases CVE-2023-43622
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnfs-bpwj-3ycp
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_http2@2.0.26-1%3Farch=el9