When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Go | Golang | * | 1.25.10 (excluding) |
| Go | Golang | 1.26.0 (including) | 1.26.3 (excluding) |
| Http2 | Golang | * | 0.53.0 (excluding) |
| Adsys | Ubuntu | devel | * |
| Adsys | Ubuntu | esm-infra/focal | * |
| Adsys | Ubuntu | jammy | * |
| Adsys | Ubuntu | noble | * |
| Adsys | Ubuntu | questing | * |
| Adsys | Ubuntu | resolute | * |
| Containerd | Ubuntu | esm-apps-legacy/xenial | * |
| Containerd | Ubuntu | esm-apps/bionic | * |
| Containerd | Ubuntu | esm-apps/xenial | * |
| Containerd | Ubuntu | esm-infra/focal | * |
| Containerd | Ubuntu | jammy | * |
| Containerd-app | Ubuntu | esm-apps/focal | * |
| Containerd-app | Ubuntu | esm-apps/jammy | * |
| Containerd-app | Ubuntu | jammy | * |
| Containerd-app | Ubuntu | noble | * |
| Containerd-app | Ubuntu | questing | * |
| Containerd-app | Ubuntu | resolute | * |
| Containerd-stable | Ubuntu | devel | * |
| Containerd-stable | Ubuntu | questing | * |
| Containerd-stable | Ubuntu | resolute | * |
| Golang-golang-x-net | Ubuntu | devel | * |
| Golang-golang-x-net | Ubuntu | esm-apps/jammy | * |
| Golang-golang-x-net | Ubuntu | esm-apps/noble | * |
| Golang-golang-x-net | Ubuntu | esm-apps/resolute | * |
| Golang-golang-x-net | Ubuntu | jammy | * |
| Golang-golang-x-net | Ubuntu | noble | * |
| Golang-golang-x-net | Ubuntu | questing | * |
| Golang-golang-x-net | Ubuntu | resolute | * |
| Golang-golang-x-net | Ubuntu | upstream | * |
| Golang-golang-x-net-dev | Ubuntu | esm-infra/xenial | * |
| Google-guest-agent | Ubuntu | esm-apps/xenial | * |
| Juju-core | Ubuntu | esm-infra/xenial | * |
| Lxd | Ubuntu | esm-infra/xenial | * |