Description
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2021-2382 Vulnerability (CVE-2021-2382)
Oracle JRE Deserialization of Untrusted Data Vulnerability (CVE-2025-30761)
MySQL Improper Access Control Vulnerability (CVE-2016-0611)
phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-1753)
WordPress Plugin Google Doc Embedder Multiple Vulnerabilities (2.6.1)