This description was provided in the disclosure from VINCE: An implementation using the nghttp2 library will continue to receive CONTINUATION frames, and will not call back to the application to allow visibility into this information before it resets the stream, resulting in a DoS.
Created nghttp2 tracking bugs for this issue: Affects: fedora-all [bug 2273036]
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 2273035]
Created nodejs:13/nghttp2 tracking bugs for this issue: Affects: epel-all [bug 2273034]
Created nodejs:16/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2273038]
Created nghttp2 tracking bugs for this issue: Affects: epel-all [bug 2273388]
Created nodejs16 tracking bugs for this issue: Affects: fedora-all [bug 2273389]
Created nodejs18 tracking bugs for this issue: Affects: fedora-all [bug 2273390]
Created nodejs20 tracking bugs for this issue: Affects: fedora-all [bug 2273391]
Created nodejs:13/nodejs tracking bugs for this issue: Affects: epel-all [bug 2273392]
Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-all [bug 2273393]
FEDORA-2024-da8cdd8414 (nghttp2-1.59.0-3.fc40) has been pushed to the Fedora 40 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-2024-a00de83de9 (nghttp2-1.55.1-5.fc39) has been pushed to the Fedora 39 stable repository. If the problem still persists, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2024:2694 https://access.redhat.com/errata/RHSA-2024:2694
This issue has been addressed in the following products: JBoss Core Services on RHEL 7, JBoss Core Services for RHEL 8 Via RHSA-2024:2693 https://access.redhat.com/errata/RHSA-2024:2693
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2779 https://access.redhat.com/errata/RHSA-2024:2779
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2778 https://access.redhat.com/errata/RHSA-2024:2778
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2780 https://access.redhat.com/errata/RHSA-2024:2780
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2853 https://access.redhat.com/errata/RHSA-2024:2853
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2910 https://access.redhat.com/errata/RHSA-2024:2910
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:2937 https://access.redhat.com/errata/RHSA-2024:2937