2269175 – (CVE-2024-2653, VU#421644.6) CVE-2024-2653 amphp: CONTINUATION frames DoS

Bug 2269175 (CVE-2024-2653, VU#421644.6) - CVE-2024-2653 amphp: CONTINUATION frames DoS

Summary: CVE-2024-2653 amphp: CONTINUATION frames DoS

Keywords:
Status:	NEW
Alias:	CVE-2024-2653, VU#421644.6
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2273040
Blocks:	2268258
TreeView+	depends on / blocked

Reported:	2024-03-12 15:39 UTC by Nick Tait
Modified:	2024-04-05 20:45 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in how amphp implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Nick Tait 2024-03-12 15:39:44 UTC

This description was provided in the disclosure from VINCE:

The AMPHP implementation of HTTP/2 will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.

Comment 6 Nick Tait 2024-04-03 19:13:47 UTC

Created nextcloud tracking bugs for this issue:

Affects: fedora-all [bug 2273040]

Note You need to log in before you can comment on or make changes to this bug.