Description
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP to Twitter Cross-Site Request Forgery (3.2.9)
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-34944)
WordPress Plugin Simple File List Arbitrary File Deletion (4.2.7)
Moodle Other Vulnerability (CVE-2006-0147)
Atlassian Jira Observable Discrepancy Vulnerability (CVE-2020-4028)