AMPHP Denial of Service via HTTP/2 CONTINUATION Frames

🗓️ 03 Apr 2024 18:06:45Reported by GitHub Advisory DatabaseType

AMPHP HTTP/2 CONTINUATION Frames OOM Vulnerabilit

Reporter	Title	Published	Views	Family All 20
Arista	Security Advisory 0094	3 Apr 202400:00	–	arista
GithubExploit	Exploit for Allocation of Resources Without Limits or Throttling in Apache Http_Server	9 Apr 202408:08	–	githubexploit
Circl	CVE-2024-2653	9 Apr 202408:14	–	circl
CNNVD	amphp http 安全漏洞	3 Apr 202400:00	–	cnnvd
CVE	CVE-2024-2653	3 Apr 202417:18	–	cve
Cvelist	CVE-2024-2653 CVE-2024-2653	3 Apr 202417:18	–	cvelist
EUVD	EUVD-2024-1280	3 Oct 202520:07	–	euvd
F5 Networks	K000139227: amphp/http vulnerability CVE-2024-2653	9 Apr 202411:07	–	f5
Friends Of PHP	Denial of Service via HTTP/2 CONTINUATION Frames	1 Jan 197000:00	–	friendsofphp
Friends Of PHP	Denial of Service via HTTP/2 CONTINUATION Frames	1 Jan 197000:00	–	friendsofphp

Vulners

Node

amphp http-clientRange4.0.0-rc10–4.0.0composer

amphp httpRange≤1.7.2composer

amphp httpRange2.0.0–2.1.0composer

Source	Link
github	www.github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm
github	www.github.com/amphp/http/commit/3a33e68a3b53f7279217238e89748cf0cb30b8a6
github	www.github.com/amphp/http/commit/881cc33da236fbcd0cb0cf6c2bfc7efcf80ede76
github	www.github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-2653
kb	www.kb.cert.org/vuls/id/421644
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/amphp/http-client/CVE-2024-2653.yaml
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/amphp/http/CVE-2024-2653.yaml
openwall	www.openwall.com/lists/oss-security/2024/04/03/16
github	www.github.com/advisories/GHSA-qjfw-cvjf-f4fm

02 May 2024 18:58Current

7High risk

Vulners AI Score7

CVSS 3.18.2

EPSS0.05065

SSVC