Unrated severityNVD Advisory· Published Feb 21, 2023· Updated Mar 17, 2025
CVE-2022-31394
CVE-2022-31394
Description
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
Affected products
24- Hyperium/Hyperium Hyperdescription
- osv-coords23 versionspkg:deb/ubuntu/rust-hyper@0.12.35-1?arch=source&distro=focalpkg:rpm/opensuse/aws-nitro-enclaves-cli&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/pijul&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rustup&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/rustup&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/rustup&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/sccache&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/sccache&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/sccache&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/wasm-pack&distro=openSUSE%20Tumbleweedpkg:rpm/suse/aws-nitro-enclaves-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/gstreamer-plugins-rs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/gstreamer-plugins-rs&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP4pkg:rpm/suse/rustup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/rustup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/sccache&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/sccache&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/sccache&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/sccache&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/sccache&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/sccache&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/sccache&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/sccache&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
>= 0+ 22 more
- (no CPE)range: >= 0
- (no CPE)range: < 1.2.2~git0.4ccc639-150400.3.3.1
- (no CPE)range: < 1.0.0~beta.4-1.1
- (no CPE)range: < 1.26.0~0-150400.3.7.1
- (no CPE)range: < 1.26.0~0-150400.3.7.1
- (no CPE)range: < 1.25.2~0-2.1
- (no CPE)range: < 0.4.2~3-150400.3.3.1
- (no CPE)range: < 0.4.2~3-150400.3.3.1
- (no CPE)range: < 0.4.0pre.7~0-2.1
- (no CPE)range: < 0.11.0~0-1.1
- (no CPE)range: < 1.2.2~git0.4ccc639-150400.3.3.1
- (no CPE)range: < 0.8.2-150400.3.3.1
- (no CPE)range: < 0.8.2-150400.3.3.1
- (no CPE)range: < 1.26.0~0-150400.3.7.1
- (no CPE)range: < 1.26.0~0-150400.3.7.1
- (no CPE)range: < 0.4.1~18-150300.7.12.1
- (no CPE)range: < 0.4.1~18-150300.7.12.1
- (no CPE)range: < 0.4.1~18-150300.7.12.1
- (no CPE)range: < 0.4.2~3-150400.3.3.1
- (no CPE)range: < 0.4.2~3-150400.3.3.1
- (no CPE)range: < 0.4.1~18-150300.7.12.1
- (no CPE)range: < 0.4.1~18-150300.7.12.1
- (no CPE)range: < 0.4.1~18-150300.7.12.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.