Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
1.10.0-0ubuntu0.16.04.11.10.0-0ubuntu0.16.04.21.10.0-0ubuntu0.16.04.31.10.0-0ubuntu0.16.04.41.10.3-0ubuntu0.16.04.11.10.3-0ubuntu0.16.04.21.10.3-0ubuntu0.16.04.31.9.10-0ubuntu11.9.10-1ubuntu11.9.11-0ubuntu1+10 more1.10.3-0ubuntu0.16.04.41.12.1-0ubuntu21.13.10-1ubuntu11.13.12-0ubuntu11.13.6-2ubuntu11.13.6-2ubuntu21.14.0-0ubuntu11.14.0-0ubuntu1.11.14.0-0ubuntu1.21.14.0-0ubuntu1.31.14.0-0ubuntu1.4Exploitability
AV:NAC:LPR:LUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H