Your submission was sent successfully! Close

CVE-2020-9494

Published: 24 June 2020

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
trafficserver
Launchpad, Ubuntu, Debian
bionic Needed

eoan Ignored
(reached end-of-life)
focal Needed

groovy Not vulnerable
(8.0.8+ds-1)
hirsute Not vulnerable
(8.0.8+ds-1)
impish Not vulnerable
(8.0.8+ds-1)
jammy Not vulnerable
(8.0.8+ds-1)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)