cvedb.io
CVE-2023-26044
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2023-05-17T18:15:09.247 · Last modified 2026-06-17T05:42:32.167

Summary

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the RequestBodyBufferMiddleware with very large settings. This might lead to consuming large amounts of CPU time for processing requests and significantly delay or slow down the processing of legitimate user requests. This issue has been addressed in release 1.9.0. Users are advised to upgrade. Users unable to upgrade may keep the request body limited using RequestBodyBufferMiddleware with a sensible value which should mit

Affected products

reactphp — http



This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.