oss-sec mailing list archives

Re: CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used

From: Leo Famulari <leo () famulari name>
Date: Mon, 5 Dec 2016 13:56:54 -0500

On Mon, Dec 05, 2016 at 07:22:10PM +0100, Solar Designer wrote:

Patch against 2.4.23 release source:


I think you forgot to forward the patch.

Current thread:

CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used Solar Designer (Dec 05)
- Re: CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used Leo Famulari (Dec 05)
  - Re: CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used Solar Designer (Dec 05)