CVE-2016-6580

Name of the Vulnerable Software and Affected Versions python priority library versions prior to 1.2.0

Description The issue is related to a resource management error in the python priority library. A malicious peer can exploit this by assigning priority information for every possible HTTP/2 stream ID, causing the priority tree to allocate unbounded amounts of memory. This can lead to extremely high CPU usage and potentially result in a denial of service.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability of peers to assign priority information for HTTP/2 stream IDs to minimize the risk of exploitation.