Description
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-0665 Vulnerability (CVE-2016-0665)
WordPress Plugin Newsletter-Send awesome emails from WordPress Multiple Vulnerabilities (6.8.1)
Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.12)
WordPress Plugin Age Gate Open Redirect (2.13.4)
WordPress Plugin Events Shortcodes For The Events Calendar Cross-Site Scripting (1.7.1)