Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2024-27316

Published: 04/04/2024 Updated: 06/06/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

fedoraproject fedora 38

fedoraproject fedora 39

fedoraproject fedora 40

netapp ontap 9

Vendor Advisories

Debian CVElist Bug Report Logs: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
Debian Bug report logs - #1068412 apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Thu, 4 Apr 2024 18:54:02 UTC Severity: grave Tags: security, u ...
Amazon Linux 2: ALAS-2024-2524
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response If a client does not stop sending headers, this leads to memory exhaustion (CVE-2024-27316) ...
Amazon Linux AMI: ALAS-2024-1931
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response If a client does not stop sending headers, this leads to memory exhaustion (CVE-2024-27316) ...
Check Point Security Alerts: HTTP/2 Continuous Flood Denial of Service (CVE-2024-27316; CVE-2024-28182)
Check Point Reference: CPAI-2024-0294 Date Published: 2 Jun 2024 Severity: High ...

Mailing Lists

Full Disclosure: CERT/CC VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
kbcertorg/vuls/id/421644 announces: kbcertorg/vuls/id/421644 has links to further information from various vendors about how this affects their products The writeup from the researcher who found & reported this is at nowotarskiinfo/http2-continuation-flood-technical-details/ -- -Alan Coopersmith- ...
Full Disclosure: CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
Severity: moderate Affected versions: - Apache HTTP Server 2417 through 2458 Description: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response If a client does not stop sending headers, this leads to memory exhaustion Credit: Bartek Nowotarski (now ...

Github Repositories

https://github.com/aeyesec/CVE-2024-27316_poc

CVE-2024-27316 (HTTP/2 CONTINUATION flood) PoC Target server (Apache httpd) Start docker-compose up -d Connectivity check httpd v2458 (vulnerable) curl --http2 -i --head localhost:3392/ curl --http2 -i --head -k localhost:3393/ httpd v2459 (fixed version) curl --http2 -i --head http

https://github.com/lockness-Ko/CVE-2024-27316

Proof of concept (PoC) for cve-2024-27316 (tested), CVE-2024-30255 (untested), CVE-2024-31309 (untested), CVE-2024-28182 (untested), CVE-2024-2653 (untested) and CVE-2024-27919 (untested)

CVE-2024-27316 I decided to call this vulnerability specifically "CVE-2024-27316" since I have tested it against this vulnerability The underlying flaw effects other CVEs so I thought I'd mention those with the hope that others could test and modify this PoC :) This PoC currently only works against unencrypted http/2 servers Sources: wwwkbcertorg/vu

Recent Articles

New HTTP/2 DoS attack can crash web servers with a single connection
BleepingComputer • Bill Toulas • 04 Apr 2024

New HTTP/2 DoS attack can crash web servers with a single connection By Bill Toulas April 4, 2024 11:28 AM 0 Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations. HTTP/2 is an update to the HTTP protocol standardized in 2015, designed to improve web performance by introducing binary framing for efficient data transmission, multiplexing to allow multiple r...

Read more...

References

CWE-770https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://security.netapp.com/advisory/ntap-20240415-0013/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/http://www.openwall.com/lists/oss-security/2024/04/04/4http://www.openwall.com/lists/oss-security/2024/04/03/16https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412https://nvd.nist.govhttps://github.com/lockness-Ko/CVE-2024-27316https://alas.aws.amazon.com/AL2/ALAS-2024-2524.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380CVE-2024-1694local file inclusionCVE-2024-5645CVE-2024-24919XSSCVE-2024-36774CVE-2024-21306SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook