CVE-2023-39456

moderate-risk
Published 2023-10-17

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.

Do I need to act?

~
7.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Apache Fedoraproject

References (10)

Mailing List https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://www.debian.org/security/2023/dsa-5549
Mailing List https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://www.debian.org/security/2023/dsa-5549
45
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 10/34 · Low
Exposure 9/34 · Low