High severity · 7.5 · NVD Advisory · Published Jan 10, 2017 · Updated Jun 17, 2026

CVE-2016-6580

Description

An HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.
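
The description above comes down to priority state that grows with every stream ID the peer mentions. As an added illustration (not the priority library's code; the class, the cap parameter and the sample frames are hypothetical), a priority store that refuses new entries beyond a fixed limit keeps that state bounded:

```python
# Added illustration; hypothetical names, not the priority library's code.
class TooManyStreams(Exception):
    """The peer asked us to track more streams than the configured cap."""


class BoundedPriorityTree:
    """Toy HTTP/2 priority store: stream_id -> (parent_id, weight)."""

    def __init__(self, maximum_streams=1000):
        if maximum_streams < 1:
            raise ValueError("maximum_streams must be at least 1")
        self.maximum_streams = maximum_streams
        self._streams = {}

    def __len__(self):
        return len(self._streams)

    def set_priority(self, stream_id, depends_on=0, weight=16):
        if stream_id <= 0 or not 1 <= weight <= 256:
            raise ValueError("invalid stream ID or weight")
        if stream_id not in self._streams:
            # New entries cost memory, so the cap is checked before storing.
            if len(self._streams) >= self.maximum_streams:
                raise TooManyStreams(f"cap of {self.maximum_streams} reached")
        # Simplification: an untracked parent falls back to the root (0)
        # rather than being created, so one frame never adds two entries.
        if depends_on not in self._streams or depends_on == stream_id:
            depends_on = 0
        self._streams[stream_id] = (depends_on, weight)

    def remove_stream(self, stream_id):
        """Free the slot when a stream closes; children move to the root."""
        self._streams.pop(stream_id, None)
        for sid, (parent, weight) in self._streams.items():
            if parent == stream_id:
                self._streams[sid] = (0, weight)


def feed_priority_frames(tree, frames):
    """Apply (stream_id, depends_on, weight) tuples; return (stored, dropped)."""
    stored = dropped = 0
    for stream_id, depends_on, weight in frames:
        try:
            tree.set_priority(stream_id, depends_on, weight)
            stored += 1
        except TooManyStreams:
            dropped += 1  # priority is advisory: ignore it, keep serving
    return stored, dropped


# Constructed input: a peer prioritising 5,000 distinct client stream IDs.
FLOOD = [(sid, 0, 16) for sid in range(1, 10001, 2)]
```

With a cap of 100, the store holds 100 entries however many stream IDs the peer names, and updates to already-tracked streams still succeed.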

Affected packages

Versions sourced from the GitHub Security Advisory.

Package            Affected versions    Patched versions
priority (PyPI)    < 1.2.0              1.2.0

Affected products

  • cpe:2.3:a:python:python_priority_library:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python_priority_library:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python_priority_library:1.1.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.2.0
