CVE-2023-39456

CVE-2023-39456: Apache Traffic Server: Malformed http/2 frames can cause an abort

Vendor Apache Software Foundation

Product Apache Traffic Server

Weakness CWE-20 · Input validation

Published October 17, 2023

Last update June 12, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.

Key dates

Disclosure timeline

October 17, 2023 CVE published

June 12, 2025 Record updated