Lucene search
OpenJS FoundationFRIENDSOFPHP:PHP:HTTP-CLIENT:CVE-2024-2653HistoryJan 01, 1970 - 12:00 a.m.
Denial of Service via HTTP/2 CONTINUATION Frames
1970-01-0100:00:00
OpenJS Foundation
github.com
6
Description Early versions of amphp/http-client with HTTP/2 support (v4.0.0-rc10 to 4.0.0) will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the END_HEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client (v4.1.0-rc1 and up) depend on amphp/http for HTTP/2 processing and will therefore need an updated version of amphp/http, see GHSA-qjfw-cvjf-f4fm. Acknowledgements Thank you to Bartek Nowotarski for reporting the vulnerability.
Affected configurations
Node
amphphttp-clientRange≤4.0.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| amphp/http-client | le | 4.0.0 |
Related
redhatcve
redhatcve
CVE-2024-2653
2024-04-03 19:26:54
veracode
veracode
Denial Of Service (DoS)
2024-04-04 05:00:45
nvd
nvd
CVE-2024-2653
2024-04-03 18:15:07
cvelist
cvelist
CVE-2024-2653 CVE-2024-2653
2024-04-03 17:18:29
osv
osv
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
2024-04-03 18:06:45
f5
f5
K000139227 : amphp/http vulnerability CVE-2024-2653
2024-04-09 00:00:00
friendsofphp
friendsofphp
Denial of Service via HTTP/2 CONTINUATION Frames
1970-01-01 00:00:00
gitlab
gitlab
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
2024-04-03 00:00:00
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
2024-04-03 00:00:00
cve
cve
CVE-2024-2653
2024-04-03 18:15:07
github
github
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
2024-04-03 18:06:45
arista
arista
Security Advisory 0094
2024-04-05 00:00:00
thn
thn
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
2024-04-04 11:15:00
cert
cert
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2024-04-03 00:00:00
7.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Related for FRIENDSOFPHP:PHP:HTTP-CLIENT:CVE-2024-2653