Description
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
Remediation
References
Related Vulnerabilities
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1648)
WordPress Plugin Loco Translate Unspecified Vulnerability (2.5.4)
WordPress Plugin MyBookTable Bookstore by Author Media Unspecified Vulnerability (2.1.4)
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.9)
WordPress Plugin AGP Font Awesome Collection Cross-Site Scripting (2.7.2)