Security News

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service attacks, crashing web servers with a single TCP connection in some implementations. HTTP/2 is an update to the HTTP protocol standardized in 2015, designed to improve web performance by introducing binary framing for efficient data transmission, multiplexing to allow multiple requests and responses over a single connection, and header compression to reduce overhead. The new CONTINUATION Flood vulnerabilities were discovered by researcher Barket Nowotarski, who says that it relates to the use of HTTP/2 CONTINUATION frames, which are not properly limited or checked in many implementations of the protocol.

New research has unveiled a vulnerability within the HTTP/2 protocol, known as HTTP/2 CONTINUATION Flood, that allows for denial-of-service (DoS) attacks. This issue, discovered by security researcher Bartek Nowotarski and reported to CERT/CC on January 25, 2024, arises from improper handling of CONTINUATION frames—a component used to transmit extended header lists within a single stream. CERT/CC's advisory highlights that attackers exploiting this vulnerability could send continuous CONTINUATION frames without concluding them with an END_HEADERS flag, leading to potential server crashes or significant performance drops due to out-of-memory conditions or CPU exhaustion.

While Ivanti said the remote code execution risks are limited to "Certain conditions," the company didn't provide details on the vulnerable configurations. "We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure," Ivanti added.

As many as 300,000 servers or devices on the public internet are thought to be vulnerable right now to the recently disclosed Loop Denial-of-Service technique that works against some UDP-based application-level services. It's pretty trivial, and basically relies on sending an error message to, let's say, vulnerable server A in such a way, using IP address source spoofing, that server A responds with an error message to vulnerable server B, which sends an error message to A, which responds to B, which responds to A, over and over again in an infinite loop.

A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. The attack is possible due to a vulnerability, currently tracked as CVE-2024-2169, in the implementation of the UDP protocol, which is susceptible to IP spoofing and does not provide sufficient packet verification.

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk....

Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI)...

Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks."Using BinaryEdge source data, we scanned SonicWall firewalls with management interfaces exposed to the internet and found that 76% are vulnerable to one or both issues," said Jon Williams, a Senior Security Engineer at Bishop Fox.

Threat actors are flooding the npm open source package repository with bogus packages that briefly even resulted in a denial-of-service attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems' good reputation on search engines," Checkmarx's Jossef Harush Kadouri said in a report published last week.

Attackers are exploiting the good reputation and "Openness" of the popular public JavaScript software registry NPM to deliver malware and scams, but are also simultaneously and inadvertently launching DoS attacks against the service. Malicious package on NPM pointing to a site serving malware.