This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote unauthenticated attacker to DoS condition on the target system.
The weakness exists in the mux_h2.c source code file due to improper H2 frame length checking. The H2 frame length is checked against the max_frame_size setting instead of being checked against the bufsize. A remote attacker can send a request that submits a large H2 frame, trigger heap-based buffer overflow and cause the service to crash.
Install update from vendor's website.Vulnerable software versions
Red Hat Enterprise Linux for x86_64: 7.0 - 7.5
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?