Lucene search

Veracode Vulnerability DatabaseVERACODE:46194

HistoryApr 04, 2024 - 5:00 a.m.

Denial Of Service (DoS)

2024-04-0405:00:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

memory exhaustion

http/2

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

6.7

Confidence

Low

EPSS

Percentile

15.5%

JSON

amphp/http-client is vulnerable to Denial Of Service. The vulnerability is due to unbounded buffering of HTTP/2 CONTINUATION frames until the END_HEADERS flag is received, which results in a memory exhaustion crash.

References

www.openwall.com/lists/oss-security/2024/04/03/16

github.com/advisories/GHSA-w8gf-g2vq-j2f4

github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4

github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

6.7

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46194