
Synology Security Advisory SA-23:14 HTTP/2 Rapid Reset Attack

None of firm's products affected by CVE-2023-44487

Synology, Inc. has published a security advisory concerning the HTTP/2 Rapid Reset Attack vulnerability.

Publish time: 2023-10-13 14:13:17 UTC+8
Last updated: 2023-10-13 14:13:17 UTC+8
Severity: Not affected
Status: Resolved

Abstract
None of Synology’s products are affected by CVE-2023-44487.

Affected products

| Product | Severity | Fixed release availability |
|---|---|---|
| DSM 7.2 | Not affected | N/A |
| DSM 7.1 | Not affected | N/A |
| DSM 6.2 | Not affected | N/A |
| DSMUC 3.1 | Not affected | N/A |
| SRM 1.3 | Not affected | N/A |
| VS Firmware 3.0 | Not affected | N/A |

Mitigation: None

Detail

  • CVE-2023-44487
    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Reference

Revision

| Revision | Date | Description |
|---|---|---|
| 1 | 2023-10-13 | Initial public release |
