Name of the Vulnerable Software and Affected Versions: github.com/hashicorp/yamux (affected versions not specified)

Description: The issue concerns a potential denial of service due to timed out writes. When the default values for Session.config.KeepAliveInterval and Session.config.ConnectionWriteTimeout are used, it can lead to Stream.Read calls hanging indefinitely if the corresponding Stream.Write call returns with ErrConnectionWriteTimeout. This can occur due to network congestion between the two sides of a connection. Any conditions causing network writes to stall for 10-30 seconds can trigger this issue, including high CPU contention or BGP reconvergence.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.