CVE-2026-12043
HIGH
8,7
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH
8,8
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2 HEADERS frames.
To remediate this issue, users should upgrade to aws-c-http version 0.11.0.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 3 Days)
415
Double Free
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Modify Memory
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
Memory-Unsafe, C, C++
https://aws.amazon.com/security/security-bulletins/2026-043-aws/
https://github.com/awslabs/aws-c-http/releases/tag/v0.11.0
https://github.com/awslabs/aws-c-http/security/advisories/GHSA-rmjr-3qpm-vh98