CVE-2026-33814

Public on 2026-05-07
Modified on 2026-05-08
Description
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core amazon-cloudwatch-agent Pending Fix
Amazon Linux 2023 amazon-cloudwatch-agent 2026-05-26 ALAS2023-2026-1747 Fixed
Amazon Linux 2 - Docker Extra amazon-ecr-credential-helper 2026-05-26 ALAS2DOCKER-2026-121 Fixed
Amazon Linux 2 - Ecs Extra amazon-ecr-credential-helper 2026-05-26 ALAS2ECS-2026-117 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra amazon-ecr-credential-helper 2026-05-26 ALAS2NITRO-ENCLAVES-2026-106 Fixed
Amazon Linux 2023 amazon-ecr-credential-helper 2026-05-26 ALAS2023-2026-1738 Fixed
Amazon Linux 2 - Core amazon-ssm-agent Pending Fix
Amazon Linux 2023 amazon-ssm-agent Pending Fix
Amazon Linux 2 - Core cni-plugins 2026-05-26 ALAS2-2026-3311 Fixed
Amazon Linux 2023 cni-plugins 2026-05-26 ALAS2023-2026-1723 Fixed
Amazon Linux 2 - Docker Extra containerd 2026-05-26 ALAS2DOCKER-2026-120 Fixed
Amazon Linux 2 - Ecs Extra containerd 2026-05-26 ALAS2ECS-2026-116 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra containerd 2026-05-26 ALAS2NITRO-ENCLAVES-2026-105 Fixed
Amazon Linux 2023 containerd 2026-05-26 ALAS2023-2026-1737 Fixed
Amazon Linux 2023 credentials-fetcher 2026-05-26 ALAS2023-2026-1744 Fixed
Amazon Linux 2 - Core cri-tools 2026-05-26 ALAS2-2026-3310 Fixed
Amazon Linux 2 - Docker Extra docker 2026-05-26 ALAS2DOCKER-2026-119 Fixed
Amazon Linux 2 - Ecs Extra docker 2026-05-25 ALAS2ECS-2026-115 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra docker 2026-05-25 ALAS2NITRO-ENCLAVES-2026-104 Fixed
Amazon Linux 2023 docker 2026-05-26 ALAS2023-2026-1736 Fixed
Amazon Linux 2 - Ecs Extra ecs-init Pending Fix
Amazon Linux 2023 ecs-init Pending Fix
Amazon Linux 2023 git-lfs 2026-05-26 ALAS2023-2026-1722 Fixed
Amazon Linux 2 - Golang1.11 Extra golang No Fix Planned
Amazon Linux 2 - Golang1.19 Extra golang No Fix Planned
Amazon Linux 2 - Golang1.9 Extra golang No Fix Planned
Amazon Linux 2 - Core golang 2026-05-26 ALAS2-2026-3313 Fixed
Amazon Linux 2023 golang 2026-05-26 ALAS2023-2026-1743 Fixed
Amazon Linux 2023 golang-github-burntsushi-toml 2026-05-26 ALAS2023-2026-1751 Fixed
Amazon Linux 2023 golang-github-burntsushi-toml-test 2026-05-26 ALAS2023-2026-1750 Fixed
Amazon Linux 2023 golang-github-cpuguy83-md2man 2026-05-26 ALAS2023-2026-1749 Fixed
Amazon Linux 2 - Core golist 2026-05-26 ALAS2-2026-3308 Fixed
Amazon Linux 2023 golist 2026-05-26 ALAS2023-2026-1742 Fixed
Amazon Linux 2023 libcap 2026-05-26 ALAS2023-2026-1721 Fixed
Amazon Linux 2 - Core nerdctl 2026-05-26 ALAS2-2026-3319 Fixed
Amazon Linux 2023 nerdctl 2026-05-26 ALAS2023-2026-1735 Fixed
Amazon Linux 2 - Docker Extra oci-add-hooks 2026-05-26 ALAS2DOCKER-2026-122 Fixed
Amazon Linux 2 - Ecs Extra oci-add-hooks 2026-05-26 ALAS2ECS-2026-118 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra oci-add-hooks 2026-05-26 ALAS2NITRO-ENCLAVES-2026-107 Fixed
Amazon Linux 2023 oci-add-hooks 2026-05-26 ALAS2023-2026-1739 Fixed
Amazon Linux 2 - Core rclone 2026-05-26 ALAS2-2026-3309 Fixed
Amazon Linux 2023 rclone 2026-05-26 ALAS2023-2026-1717 Fixed
Amazon Linux 2 - Docker Extra runc 2026-05-26 ALAS2DOCKER-2026-125 Fixed
Amazon Linux 2 - Ecs Extra runc 2026-05-26 ALAS2ECS-2026-119 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra runc 2026-05-25 ALAS2NITRO-ENCLAVES-2026-103 Fixed
Amazon Linux 2023 runc 2026-05-26 ALAS2023-2026-1715 Fixed
Amazon Linux 2 - Docker Extra runfinch-finch 2026-05-26 ALAS2DOCKER-2026-124 Fixed
Amazon Linux 2023 runfinch-finch 2026-05-26 ALAS2023-2026-1741 Fixed
Amazon Linux 2 - Docker Extra soci-snapshotter 2026-05-26 ALAS2DOCKER-2026-123 Fixed
Amazon Linux 2023 soci-snapshotter 2026-05-26 ALAS2023-2026-1740 Fixed
Amazon Linux 2023 yq 2026-05-26 ALAS2023-2026-1716 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2026-33814 Mitre: CVE-2026-33814