Bug 2268277 (CVE-2024-27316, VU#421644.4) - CVE-2024-27316 httpd: CONTINUATION frames DoS
Summary: CVE-2024-27316 httpd: CONTINUATION frames DoS
Keywords:
Status: NEW
Alias: CVE-2024-27316, VU#421644.4
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2273037 2268474 2268475 2270547 2274836
Blocks: 2268258
TreeView+ depends on / blocked
 
Reported: 2024-03-06 21:33 UTC by Nick Tait
Modified: 2024-07-09 16:21 UTC (History)
151 users (show)

Fixed In Version: httpd 2.4.59
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up memory resources to cause a Denial of Service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:1809 0 None None None 2024-04-15 01:38:04 UTC
Red Hat Product Errata RHBA-2024:1810 0 None None None 2024-04-15 01:39:04 UTC
Red Hat Product Errata RHSA-2024:1786 0 None None None 2024-04-11 16:22:17 UTC
Red Hat Product Errata RHSA-2024:1872 0 None None None 2024-04-18 01:38:31 UTC
Red Hat Product Errata RHSA-2024:2564 0 None None None 2024-04-30 14:40:26 UTC
Red Hat Product Errata RHSA-2024:2693 0 None None None 2024-05-07 15:47:43 UTC
Red Hat Product Errata RHSA-2024:2694 0 None None None 2024-05-07 15:45:08 UTC
Red Hat Product Errata RHSA-2024:2891 0 None None None 2024-05-16 18:16:50 UTC
Red Hat Product Errata RHSA-2024:2907 0 None None None 2024-05-20 01:50:07 UTC
Red Hat Product Errata RHSA-2024:3402 0 None None None 2024-05-28 14:27:02 UTC
Red Hat Product Errata RHSA-2024:3417 0 None None None 2024-05-28 14:05:56 UTC
Red Hat Product Errata RHSA-2024:4390 0 None None None 2024-07-08 21:28:48 UTC
Red Hat Product Errata RHSA-2024:4392 0 None None None 2024-07-08 22:19:21 UTC

Description Nick Tait 2024-03-06 21:33:06 UTC
This description was provided in the disclosure from VINCE:

HTTP/2 CONTINUATION frames without the END_HEADERS flag set can be sent in a continuous stream by an attacker to an Apache Httpd implementation, which will not properly terminate the request early, causing an OOM crash.

[note: edited "which will not properly append header information in memory" to "which will not properly terminate the request early" per note from Apache in VINCE]

Comment 2 Jean-frederic Clere 2024-03-07 12:42:06 UTC
CVE-2023-44487 is something different i think you are mixing CVE...

Comment 34 Nick Tait 2024-04-03 19:13:08 UTC
Created mod_http2 tracking bugs for this issue:

Affects: fedora-all [bug 2273037]

Comment 36 errata-xmlrpc 2024-04-11 16:22:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:1786 https://access.redhat.com/errata/RHSA-2024:1786

Comment 43 Nick Tait 2024-04-13 02:00:14 UTC
Created httpd tracking bugs for this issue:

Affects: fedora-all [bug 2274836]

Comment 47 errata-xmlrpc 2024-04-18 01:38:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1872 https://access.redhat.com/errata/RHSA-2024:1872

Comment 48 errata-xmlrpc 2024-04-30 14:40:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2564 https://access.redhat.com/errata/RHSA-2024:2564

Comment 54 errata-xmlrpc 2024-05-07 15:44:57 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2024:2694 https://access.redhat.com/errata/RHSA-2024:2694

Comment 55 errata-xmlrpc 2024-05-07 15:47:33 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2024:2693 https://access.redhat.com/errata/RHSA-2024:2693

Comment 58 errata-xmlrpc 2024-05-16 18:16:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:2891 https://access.redhat.com/errata/RHSA-2024:2891

Comment 59 errata-xmlrpc 2024-05-20 01:49:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:2907 https://access.redhat.com/errata/RHSA-2024:2907

Comment 60 errata-xmlrpc 2024-05-28 14:05:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:3417 https://access.redhat.com/errata/RHSA-2024:3417

Comment 61 errata-xmlrpc 2024-05-28 14:26:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:3402 https://access.redhat.com/errata/RHSA-2024:3402

Comment 64 errata-xmlrpc 2024-07-08 21:28:37 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2024:4390 https://access.redhat.com/errata/RHSA-2024:4390

Comment 65 errata-xmlrpc 2024-07-08 22:19:11 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:4392 https://access.redhat.com/errata/RHSA-2024:4392


Note You need to log in before you can comment on or make changes to this bug.