OSV · added 2024/04/03 6:49 p.m.

GHSA-W8GF-G2VQ-J2F4 amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames

Early versions of amphp/http-client with HTTP/2 support v4.0.0-rc10 to 4.0.0 will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client v4.1.0-rc1...

CVSS 8.2 · AI score 7.3
Exploits: 0 · References: 3

Github Security Blog · added 2024/04/03 6:49 p.m.

amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames

Early versions of amphp/http-client with HTTP/2 support v4.0.0-rc10 to 4.0.0 will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client v4.1.0-rc1...

AI score 7.3
Exploits: 0 · References: 3 · Affected software: 1

OSV · added 2024/04/03 6:15 p.m.

CVE-2024-2653

amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set ENDHEADERS flag, resulting in an OOM crash...

CVSS 8.2 · AI score 6 · EPSS 0.83244
Exploits: 1 · References: 4

OSV · added 2024/04/03 6:15 p.m.

CVE-2024-2758

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately...

CVSS 6.3 · AI score 5.8 · EPSS 0.7275
Exploits: 0 · References: 3

Github Security Blog · added 2024/04/03 6:06 p.m.

AMPHP Denial of Service via HTTP/2 CONTINUATION Frames

amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...

CVSS 8.2 · AI score 7 · EPSS 0.83244
Exploits: 1 · References: 10 · Affected software: 2

CVE · added 2024/04/03 5:18 p.m.

CVE-2024-2653

CVE-2024-2653 affects the AMPHP HTTP stack: amphp/http will accumulate HTTP/2 CONTINUATION frames in an unbounded buffer and only enforces a limit when END_HEADERS is seen, causing an out-of-memory crash. The issue also indirectly impacts amphp/http-client and amphp/http-server if used with an un...

CVSS 8.2 · AI score 7.8 · EPSS 0.83244
Exploits: 1 · References: 4

Vulnrichment · added 2024/04/03 5:17 p.m.

CVE-2024-2758

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately...

AI score 6.9 · EPSS 0.7275
Exploits: 0 · References: 3

CVE · added 2024/04/03 5:17 p.m.

CVE-2024-2758

CVE-2024-2758 concerns Tempesta FW. The vulnerability stems from how HTTP/2 CONTINUATION frames are handled when rate limits are not enabled by default, enabling potential denial-of-service via excessive CONTINUATION traffic (OOM/CPU exhaustion depending on implementation). The initial descriptio...

CVSS 6.3 · AI score 6.5 · EPSS 0.7275
Exploits: 0 · References: 3

Positive Technologies · added 2024/04/03 12:00 a.m.

PT-2024-2623 · Tempesta · Tempesta

Name of the Vulnerable Software and Affected Versions: Tempesta affected versions not specified Description: The issue is related to a firewall vulnerability in the implementation of the HTTP/2 protocol, specifically concerning the handling of CONTINUATION frames. This can lead to an uncontrolled...

CVSS 6.3 · AI score 8.1 · EPSS 0.7275
Exploits: 0 · References: 8

CNNVD · added 2024/04/03 12:00 a.m.

amphp http security vulnerability

AMPHP is a collection of PHP event-driven libraries open-sourced by AMPHP. A security vulnerability exists in amphp http that stems from collecting CONTINUATION frames in an unbounded buffer and not checking the limit until it receives the set ENDHEADERS flag, resulting in an OOM crash...

CVSS 8.2 · AI score 8.1 · EPSS 0.83244
Exploits: 1 · References: 2

GitLab Advisory Database · added 2024/04/03 12:00 a.m.

amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames

Early versions of amphp/http-client with HTTP/2 support v4.0.0-rc10 to 4.0.0 will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client v4.1.0-rc1...

AI score 7.3
Exploits: 0 · References: 4 · Affected software: 1

GitLab Advisory Database · added 2024/04/03 12:00 a.m.

AMPHP Denial of Service via HTTP/2 CONTINUATION Frames

amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...

CVSS 8.2 · AI score 7.3 · EPSS 0.83244
Exploits: 1 · References: 10 · Affected software: 1

Positive Technologies · added 2024/04/03 12:00 a.m.

PT-2024-40495 · Unknown · Amphp/Http +1

Name of the Vulnerable Software and Affected Versions: amphp/http-client versions 4.0.0-rc10 through 4.0.0 Description: The issue affects early versions of amphp/http-client with HTTP/2 support, causing the collection of HTTP/2 CONTINUATION frames in an unbounded buffer. This occurs because the...

CVSS 8.2 · AI score 7.3
Exploits: 0 · References: 4

FreeBSD · added 2024/04/03 12:00 a.m.

go -- http2: close connections when receiving too many headers

The Go project reports: http2: close connections when receiving too many headers Maintaining HPACK state requires that we parse and process all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, we don't allocate memory to store the excess headers but...

CVSS 7.5 · AI score 7 · EPSS 0.91969
Exploits: 1 · References: 1

Positive Technologies · added 2024/04/03 12:00 a.m.

PT-2024-2624 · Nghttp2 +10 · Nghttp2 +10

Name of the Vulnerable Software and Affected Versions: nghttp2 versions prior to 1.61.0 Description: The nghttp2 library keeps reading an unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync, causing excessive CPU usage to decode the HPACK...

CVSS 8.2 · AI score 7.5 · EPSS 0.99999
Exploits: 21 · References: 186

Arista · added 2024/04/03 12:00 a.m.

Security Advisory 0094

Security Advisory 0094 (PDF). Date: April 5, 2024. Revision history: 1.0 (April 3, 2024): Initial release; 1.1 (April 5, 2024): Update required configuration for exploitation and mitigation. Description: Arista Networks is providing this security update in response to the following...

CVSS 8.2 · AI score 8 · EPSS 0.94615
Exploits: 4

UbuntuCve · added 2024/03/27 12:00 a.m.

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 7 · EPSS 0.91969
Exploits: 1 · References: 8

Positive Technologies · added 2024/01/05 12:00 a.m.

PT-2024-2591 · Unknown · Amphp/Http +1

Name of the Vulnerable Software and Affected Versions: amphp/http versions prior to the fixed version amphp/http-client versions 4.0.0-rc10 through 4.0.0 Description: The issue is related to the amphp/http library and its HTTP/2 protocol implementation, specifically with uncontrolled memory...

CVSS 8.5 · AI score 8.1 · EPSS 0.83244
Exploits: 1 · References: 21

OSV · added 2023/08/09 1:15 p.m.

DEBIAN-CVE-2023-33953

gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...

CVSS 7.5 · AI score 7.8 · EPSS 0.00412
Exploits: 0 · References: 1

SUSE CVE · added 2023/02/15 4:14 a.m.

SUSE CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

CVSS 7.5 · AI score 7.7 · EPSS 0.24822
Exploits: 0 · References: 12