reassign 1034723 rust-h2
thanks
The following vulnerability was published for rust-hyper.
CVE-2023-26964[0]:
|/An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking /|/occurs
when the H2 component processes HTTP2 RST_STREAM frames. As a /|/result, the
memory and CPU usage are high which can lead to a Denial /|/of Service (DoS). /
https://github.com/hyperium/hyper/issues/2877
https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39
(v0.3.17)
I've just read though the github threads, it seems that although
this was initially filed against the hyper crate the actual
issue/fix was in the h2 crate. This has also been filed in the
rustsec database at https://rustsec.org/advisories/RUSTSEC-2023-0034.html
