2269627 – (CVE-2024-31309) CVE-2024-31309 trafficserver: CONTINUATION frames DoS

Bug 2269627 (CVE-2024-31309) - CVE-2024-31309 trafficserver: CONTINUATION frames DoS

Summary: CVE-2024-31309 trafficserver: CONTINUATION frames DoS

Keywords:
Status:	NEW
Alias:	CVE-2024-31309
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2273041 2273042
Blocks:	2268258
TreeView+	depends on / blocked

Reported:	2024-03-14 22:56 UTC by Nick Tait
Modified:	2024-04-05 20:45 UTC (History)
CC List:	1 user (show)
Fixed In Version:	trafficserver 8.1.10, trafficserver 9.2.4
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in how Apache Traffic Server implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Nick Tait 2024-03-14 22:56:08 UTC

The Apache Traffic Server's implementation of HTTP/2 will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.

Comment 8 Nick Tait 2024-04-03 19:17:42 UTC

Created trafficserver tracking bugs for this issue:

Affects: epel-all [bug 2273042]
Affects: fedora-all [bug 2273041]

Note You need to log in before you can comment on or make changes to this bug.