HTTP/2 CONTINUATION Frame Processing

2024-04-1909:31:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

http/2

firefox

vulnerability

out of memory

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

firefox is vulnerable to an HTTP/2 CONTINUATION frame processing vulnerability. The vulnerability is due to an absence of limits on the number of HTTP/2 CONTINUATION frames processed, allowing a server to potentially trigger an Out of Memory condition in the browser.

CPENameOperatorVersion
firefox:sideq83.0-1
firefox:sideq81.0-2
firefox:sideq82.0.3-1
firefox-esr:bullseyeeq78.5.0esr-1
firefox-esr:sideq78.8.0esr-1
firefox-esr:sideq78.5.0esr-1
firefox-esr:bustereq78.11.0esr-1~deb10u1
firefox-esr:bustereq78.8.0esr-1~deb10u1
firefox-esr:bustereq78.5.0esr-1~deb10u1
firefox-esr:bustereq68.12.0esr-1~deb10u1

Name	Operator	Version
firefox:sid	eq	83.0-1
firefox:sid	eq	81.0-2
firefox:sid	eq	82.0.3-1
firefox-esr:bullseye	eq	78.5.0esr-1
firefox-esr:sid	eq	78.8.0esr-1
firefox-esr:sid	eq	78.5.0esr-1
firefox-esr:buster	eq	78.11.0esr-1~deb10u1
firefox-esr:buster	eq	78.8.0esr-1~deb10u1
firefox-esr:buster	eq	78.5.0esr-1~deb10u1
firefox-esr:buster	eq	68.12.0esr-1~deb10u1