| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-33980 |
400 |
|
DoS |
2023-05-24 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. |
|
2 |
CVE-2023-33720 |
400 |
|
|
2023-05-26 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. |
|
3 |
CVE-2023-33297 |
400 |
|
DoS |
2023-05-22 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. |
|
4 |
CVE-2023-32787 |
400 |
|
|
2023-05-15 |
2023-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. |
|
5 |
CVE-2023-32067 |
400 |
|
DoS |
2023-05-25 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. |
|
6 |
CVE-2023-31409 |
400 |
|
|
2023-05-15 |
2023-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.
|
|
7 |
CVE-2023-30798 |
400 |
|
DoS |
2023-04-21 |
2023-04-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. |
|
8 |
CVE-2023-30570 |
400 |
|
DoS |
2023-05-29 |
2023-06-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. |
|
9 |
CVE-2023-30408 |
400 |
|
|
2023-04-24 |
2023-05-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. |
|
10 |
CVE-2023-30406 |
400 |
|
|
2023-04-24 |
2023-05-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. |
|
11 |
CVE-2023-29479 |
400 |
|
|
2023-04-24 |
2023-05-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Ribose RNP before 0.16.3 may hang when the input is malformed. |
|
12 |
CVE-2023-29013 |
400 |
|
DoS |
2023-04-14 |
2023-05-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.
|
|
13 |
CVE-2023-28882 |
400 |
|
DoS |
2023-04-28 |
2023-05-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. |
|
14 |
CVE-2023-28846 |
400 |
|
DoS |
2023-03-30 |
2023-04-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the `unpoly-rails` gem that implements the Unpoly server protocol for Rails applications. This issues affects Rails applications that operate as an upstream of a load balancer's that uses passive health checks. The `unpoly-rails` gem echoes the request URL as an `X-Up-Location` response header. By making a request with exceedingly long URLs (paths or query string), an attacker can cause unpoly-rails to write a exceedingly large response header. If the response header is too large to be parsed by a load balancer downstream of the Rails application, it may cause the load balancer to remove the upstream from a load balancing group. This causes that application instance to become unavailable until a configured timeout is reached or until an active healthcheck succeeds. This issue has been fixed and released as version 2.7.2.2 which is available via RubyGems and GitHub. Users unable to upgrade may: Configure your load balancer to use active health checks, e.g. by periodically requesting a route with a known response that indicates healthiness; Configure your load balancer so the maximum size of response headers is at least twice the maximum size of a URL; or instead of changing your server configuration you may also configure your Rails application to delete redundant `X-Up-Location` headers set by unpoly-rails. |
|
15 |
CVE-2023-28837 |
400 |
|
DoS |
2023-04-03 |
2023-04-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files. |
|
16 |
CVE-2023-28626 |
400 |
|
|
2023-03-28 |
2023-04-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-047` |
|
17 |
CVE-2023-28507 |
400 |
|
|
2023-03-29 |
2023-04-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes. |
|
18 |
CVE-2023-28356 |
400 |
|
|
2023-05-11 |
2023-05-22 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive. |
|
19 |
CVE-2023-27652 |
400 |
|
DoS +Priv |
2023-04-20 |
2023-04-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file. |
|
20 |
CVE-2023-27643 |
400 |
|
DoS |
2023-04-14 |
2023-04-22 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library |
|
21 |
CVE-2023-27484 |
400 |
|
|
2023-03-09 |
2023-03-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround. |
|
22 |
CVE-2023-27483 |
400 |
|
|
2023-03-09 |
2023-03-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index, the index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate. |
|
23 |
CVE-2023-27270 |
400 |
|
|
2023-03-14 |
2023-04-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
|
|
24 |
CVE-2023-27191 |
400 |
|
DoS |
2023-04-11 |
2023-04-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files. |
|
25 |
CVE-2023-26601 |
400 |
|
|
2023-03-06 |
2023-03-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). |
|
26 |
CVE-2023-26595 |
400 |
|
DoS |
2023-05-23 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. |
|
27 |
CVE-2023-26104 |
400 |
|
DoS |
2023-02-25 |
2023-03-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. |
|
28 |
CVE-2023-25816 |
400 |
|
|
2023-02-25 |
2023-03-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available. |
|
29 |
CVE-2023-25618 |
400 |
|
|
2023-03-14 |
2023-04-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
|
|
30 |
CVE-2023-25179 |
400 |
|
DoS |
2023-05-10 |
2023-05-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access. |
|
31 |
CVE-2023-25151 |
400 |
|
|
2023-02-08 |
2023-03-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string)[^1]. The metric instruments do not "forget" previous measurement attributes when `cumulative` temporality is used, this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue. |
|
32 |
CVE-2023-24862 |
400 |
|
DoS |
2023-03-14 |
2023-03-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Secure Channel Denial of Service Vulnerability |
|
33 |
CVE-2023-24594 |
400 |
|
|
2023-05-03 |
2023-05-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
34 |
CVE-2023-24580 |
400 |
|
|
2023-02-15 |
2023-04-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. |
|
35 |
CVE-2023-24574 |
400 |
|
|
2023-02-02 |
2023-02-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users. |
|
36 |
CVE-2023-24545 |
400 |
|
DoS |
2023-04-12 |
2023-04-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic. |
|
37 |
CVE-2023-24534 |
400 |
|
DoS |
2023-04-06 |
2023-05-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. |
|
38 |
CVE-2023-23689 |
400 |
|
DoS |
2023-02-28 |
2023-03-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data protection mechanism causing a denial of service. |
|
39 |
CVE-2023-23631 |
400 |
|
|
2023-02-09 |
2023-02-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
|
40 |
CVE-2023-23625 |
400 |
|
|
2023-02-09 |
2023-02-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions. |
|
41 |
CVE-2023-23616 |
400 |
|
|
2023-01-28 |
2023-02-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests. |
|
42 |
CVE-2023-23552 |
400 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
43 |
CVE-2023-23524 |
400 |
|
|
2023-02-27 |
2023-03-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service. |
|
44 |
CVE-2023-23447 |
400 |
|
|
2023-05-15 |
2023-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged
remote attacker to influence the availability of the webserver by invocing several open file requests via
the REST interface.
|
|
45 |
CVE-2023-23411 |
400 |
|
DoS |
2023-03-14 |
2023-03-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Hyper-V Denial of Service Vulnerability |
|
46 |
CVE-2023-23396 |
400 |
|
DoS |
2023-03-14 |
2023-05-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Microsoft Excel Denial of Service Vulnerability |
|
47 |
CVE-2023-23296 |
400 |
|
DoS |
2023-02-23 |
2023-03-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. |
|
48 |
CVE-2023-23009 |
400 |
|
DoS |
2023-02-21 |
2023-04-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. |
|
49 |
CVE-2023-22874 |
400 |
|
DoS |
2023-05-05 |
2023-05-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. |
|
50 |
CVE-2023-22664 |
400 |
|
|
2023-02-01 |
2023-02-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
