Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
0.6.7-11.3.4-21.4.0-11.4.0-21.5.0-21.6.0-11.7.0-11.7.1-11.7.1-1ubuntu0.1~esm11.7.1-1ubuntu0.1~esm21.25.0-11.27.0-11.28.0-11.29.0-11.29.0-1build11.30.0-11.30.0-1ubuntu11.30.0-1ubuntu1+esm11.30.0-1ubuntu1+esm21.39.2-11.10.0-0ubuntu0.16.04.11.10.0-0ubuntu0.16.04.21.10.0-0ubuntu0.16.04.31.10.0-0ubuntu0.16.04.41.10.3-0ubuntu0.16.04.11.10.3-0ubuntu0.16.04.21.10.3-0ubuntu0.16.04.31.9.10-0ubuntu11.9.10-1ubuntu11.9.11-0ubuntu1+10 more1.10.3-0ubuntu0.16.04.41.12.1-0ubuntu21.13.10-1ubuntu11.13.12-0ubuntu11.13.6-2ubuntu11.13.6-2ubuntu21.14.0-0ubuntu11.14.0-0ubuntu1.11.14.0-0ubuntu1.21.14.0-0ubuntu1.31.14.0-0ubuntu1.40.10.15~dfsg1-40.10.21~dfsg1-10.10.22~dfsg1-20.10.23~dfsg1-10.10.23~dfsg1-20.10.23~dfsg1-30.10.24~dfsg1-10.10.25~dfsg2-20.10.25~dfsg2-2ubuntu10.10.25~dfsg2-2ubuntu1.2+2 more0.10.25~dfsg2-2ubuntu14.2.2~dfsg-14.2.3~dfsg-14.2.4~dfsg-1ubuntu14.2.4~dfsg-24.2.6~dfsg-1ubuntu14.2.6~dfsg-1ubuntu44.2.6~dfsg-1ubuntu4.14.2.6~dfsg-1ubuntu4.24.2.6~dfsg-1ubuntu4.2+esm1+2 more6.11.4~dfsg-1ubuntu16.11.4~dfsg-1ubuntu26.12.0~dfsg-1ubuntu16.12.0~dfsg-2ubuntu16.12.0~dfsg-2ubuntu28.10.0~dfsg-28.10.0~dfsg-2ubuntu0.28.10.0~dfsg-2ubuntu0.38.10.0~dfsg-2ubuntu0.48.10.0~dfsg-2ubuntu0.4+esm1+5 more10.15.2~dfsg-2ubuntu110.17.0~dfsg-2ubuntu410.17.0~dfsg-2ubuntu610.19.0~dfsg-3ubuntu112.22.5~dfsg-5ubuntu112.22.7~dfsg-2ubuntu112.22.7~dfsg-2ubuntu312.22.9~dfsg-1ubuntu212.22.9~dfsg-1ubuntu3Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H