Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the `verifyContinuationFrame` function. An attacker can cause excessive CPU consumption and render the server unresponsive by sending a large number of zero-byte `CONTINUATION` frames, bypassing existing size-based mitigations. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `io.netty:netty-codec-http2` to version 4.1.132.Final, 4.2.10.Final or higher.	[,4.1.132.Final)[4.2.0.Alpha1,4.2.10.Final)

Allocation of Resources Without Limits or Throttling

io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the verifyContinuationFrame function. An attacker can cause excessive CPU consumption and render the server unresponsive by sending a large number of zero-byte CONTINUATION frames, bypassing existing size-based mitigations.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade io.netty:netty-codec-http2 to version 4.1.132.Final, 4.2.10.Final or higher.

[,4.1.132.Final)[4.2.0.Alpha1,4.2.10.Final)

Go back to all versions of this package