Bug 2273383 (CVE-2024-3302) - CVE-2024-3302 Mozilla: Denial of Service using HTTP/2 CONTINUATION frames
Summary: CVE-2024-3302 Mozilla: Denial of Service using HTTP/2 CONTINUATION frames
Keywords:
Status: NEW
Alias: CVE-2024-3302
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2268258 2272959
TreeView+ depends on / blocked
 
Reported: 2024-04-04 14:25 UTC by Nick Tait
Modified: 2024-04-23 12:29 UTC (History)
7 users (show)

Fixed In Version: firefox 115.10, thunderbird 115.10
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:1934 0 None None None 2024-04-22 08:34:23 UTC
Red Hat Product Errata RHSA-2024:1935 0 None None None 2024-04-22 08:41:33 UTC
Red Hat Product Errata RHSA-2024:1936 0 None None None 2024-04-22 08:53:00 UTC
Red Hat Product Errata RHSA-2024:1937 0 None None None 2024-04-22 08:35:26 UTC
Red Hat Product Errata RHSA-2024:1938 0 None None None 2024-04-22 08:44:27 UTC
Red Hat Product Errata RHSA-2024:1939 0 None None None 2024-04-22 08:53:03 UTC
Red Hat Product Errata RHSA-2024:1940 0 None None None 2024-04-22 08:47:09 UTC
Red Hat Product Errata RHSA-2024:1941 0 None None None 2024-04-22 08:49:42 UTC
Red Hat Product Errata RHSA-2024:1982 0 None None None 2024-04-23 12:29:13 UTC

Description Nick Tait 2024-04-04 14:25:13 UTC 
Per initial information provided via VINCE:

Mozilla has reserved CVE-2024-3302 for this issue in the Gecko networking implementation; the Firefox and Thunderbird clients would be vulnerable to a DoS from a malicious server.
Comment 5 Mauro Matteo Cascella 2024-04-18 16:34:05 UTC 
This CVE has been published in the Firefox ESR 115.10 security advisory [1].

Impact: Low
Description:
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser.

[1] https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
Comment 6 errata-xmlrpc 2024-04-22 08:34:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:1934 https://access.redhat.com/errata/RHSA-2024:1934
Comment 7 errata-xmlrpc 2024-04-22 08:35:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1937 https://access.redhat.com/errata/RHSA-2024:1937
Comment 8 errata-xmlrpc 2024-04-22 08:41:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:1935 https://access.redhat.com/errata/RHSA-2024:1935
Comment 9 errata-xmlrpc 2024-04-22 08:44:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1938 https://access.redhat.com/errata/RHSA-2024:1938
Comment 10 errata-xmlrpc 2024-04-22 08:47:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1940 https://access.redhat.com/errata/RHSA-2024:1940
Comment 11 errata-xmlrpc 2024-04-22 08:49:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1941 https://access.redhat.com/errata/RHSA-2024:1941
Comment 12 errata-xmlrpc 2024-04-22 08:52:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1936 https://access.redhat.com/errata/RHSA-2024:1936
Comment 13 errata-xmlrpc 2024-04-22 08:53:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:1939 https://access.redhat.com/errata/RHSA-2024:1939
Comment 14 errata-xmlrpc 2024-04-23 12:29:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:1982 https://access.redhat.com/errata/RHSA-2024:1982
Note You need to log in before you can comment on or make changes to this bug.