A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu for reporting this.
This was a PRIVATE issue for CVE-2022-27664 tracked in http://b/219507101.
Backport issues: #53977 #54376
(I forgot to create the non-backport issue when making the backports, doing so now.)
A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu for reporting this.
This was a PRIVATE issue for CVE-2022-27664 tracked in http://b/219507101.
Backport issues: #53977 #54376
(I forgot to create the non-backport issue when making the backports, doing so now.)