The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function. External References: http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g@mail.gmail.com%3E
Created trafficserver tracking bugs for this issue: Affects: epel-all [bug 1443395] Affects: fedora-all [bug 1443396]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.