You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
http2: avoid uaf while receiving and sending rst_stream
Mark the session as receiving around nghttp2_session_mem_recv() and
defer RST_STREAM handling while receive is in progress. This prevents
closing a stream while nghttp2 still processes it and avoids
heap-use-after-free in nghttp2_session_mem_recv2().
Fixes: #64113
Signed-off-by: Evgeniy Gorbanev <gorbanev.es@gmail.com>
0 commit comments