Vulnerabilities > CVE-2024-27316
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
Vulnerable Configurations
References
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://www.openwall.com/lists/oss-security/2024/04/04/4
- http://www.openwall.com/lists/oss-security/2024/04/04/4
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://support.apple.com/kb/HT214119
- https://support.apple.com/kb/HT214119
- https://www.openwall.com/lists/oss-security/2024/04/03/16
- https://www.openwall.com/lists/oss-security/2024/04/03/16