{"id":"CVE-2020-9494","details":"Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.","modified":"2026-04-11T23:13:41.294864Z","published":"2020-06-24T16:15:11.067Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2021/03/01/2"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rf7f86917f42fdaf904d99560cba0c016e03baea6244c47efeb60ecbe%40%3Cdev.trafficserver.apache.org%3E"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4710"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/trafficserver","events":[{"introduced":"27f8e2cda9133864e6ffae0224c799fde5f10290"},{"last_affected":"eaed59510bda6f1d27854d9d3f07aace2afffc16"},{"introduced":"6c1c6cf20e7d0e287d697a0f4181436013d17c30"},{"last_affected":"439a7cfcb70dcb92485dd6989af80d9f900d1f99"},{"introduced":"b310e3566f58dd04ec2b15b111ec86ea70e20019"},{"last_affected":"ac05db1ca58e990e0d2c49b57e5b6364df71dabc"},{"introduced":"0"},{"last_affected":"3fa146678bc6a061722f4ea930998ae29ad70de3"}],"database_specific":{"cpe":["cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"6.0.0"},{"last_affected":"6.2.3"},{"introduced":"7.0.0"},{"last_affected":"7.1.10"},{"introduced":"8.0.0"},{"last_affected":"8.0.7"},{"introduced":"0"},{"last_affected":"10.0"}],"source":"CPE_FIELD"}}],"versions":["10.0.0","10.0.0-rc0","3.1.2","3.3.0","3.3.1","6.2.0","6.2.0-rc0","6.2.0-rc1","6.2.0-rc2","6.2.0-rc3","6.2.1","6.2.1-rc0","6.2.2","6.2.2-rc0","6.2.3","6.2.3-rc0","7.1.0","7.1.0-rc0","7.1.0-rc1","7.1.1","7.1.1-rc0","7.1.1-rc1","7.1.10","7.1.10-rc0","7.1.2","7.1.2-rc0","7.1.2-rc1","7.1.2-rc2","7.1.2-rc3","7.1.2-rc4","7.1.3","7.1.3-rc0","7.1.4","7.1.4-rc0","7.1.4-rc1","7.1.5","7.1.5-rc0","7.1.5-rc1","7.1.6","7.1.6-rc0","7.1.6-rc1","7.1.7","7.1.7-rc0","7.1.8","7.1.9","7.1.9-rc0","7.1.9-rc1","7.1.9-rc2","8.0.0","8.0.0-rc4","8.0.1","8.0.1-rc0","8.0.2","8.0.2-rc0","8.0.3","8.0.3-rc0","8.0.4","8.0.4-rc0","8.0.5","8.0.6","8.0.6-rc0","8.0.6-rc1","8.0.7","8.0.7-rc0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9494.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}