Lucene search
HistoryApr 03, 2024 - 6:15 p.m.
CVE-2024-2653
amphp/http
oom crash
continuation frames
vulnerability
nvd
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.
CNA Affected
[
{
"vendor": "AMPHP",
"product": "amphp/http-client",
"versions": [
{
"status": "affected",
"version": "v4.0.0-rc10",
"lessThanOrEqual": "4.0.0",
"versionType": "custom"
}
]
},
{
"vendor": "AMPHP",
"product": "amphp/http",
"versions": [
{
"status": "affected",
"version": "2.0.0-beta.1",
"lessThanOrEqual": "2.1.0",
"versionType": "custom"
}
]
},
{
"vendor": "AMPHP",
"product": "amphp/http",
"versions": [
{
"status": "affected",
"version": "v1.6.0-rc1",
"lessThanOrEqual": "1.7.2",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
osv
osv
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
2024-04-03 18:06:45
cvelist
cvelist
CVE-2024-2653 CVE-2024-2653
2024-04-03 17:18:29
nvd
nvd
CVE-2024-2653
2024-04-03 18:15:07
redhatcve
redhatcve
CVE-2024-2653
2024-04-03 19:26:54
veracode
veracode
Denial Of Service (DoS)
2024-04-04 05:00:45
friendsofphp
friendsofphp
Denial of Service via HTTP/2 CONTINUATION Frames
1970-01-01 00:00:00
Denial of Service via HTTP/2 CONTINUATION Frames
1970-01-01 00:00:00
gitlab
gitlab
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
2024-04-03 00:00:00
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
2024-04-03 00:00:00
f5
f5
K000139227 : amphp/http vulnerability CVE-2024-2653
2024-04-09 00:00:00
github
github
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
2024-04-03 18:06:45
arista
arista
Security Advisory 0094
2024-04-05 00:00:00
thn
thn
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
2024-04-04 11:15:00
cert
cert
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2024-04-03 00:00:00