CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jul/18
http://www.openwall.com/lists/oss-security/2024/04/04/4	Mailing List
https://httpd.apache.org/security/vulnerabilities_24.html	Product Release Notes
https://support.apple.com/kb/HT214119
https://www.openwall.com/lists/oss-security/2024/04/03/16

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

Configuration 3 (hide)

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*

History

30 Jul 2024, 02:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jul/18 -

29 Jul 2024, 22:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214119 -

Information

Published : 2024-04-04 20:15

Updated : 2024-07-30 02:15

NVD link : CVE-2024-27316

Mitre link : CVE-2024-27316

CVE.ORG link : CVE-2024-27316

JSON object : View

Products Affected

apache

http_server

netapp

ontap

fedoraproject

fedora

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2024-27316", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-04T20:15:08.720", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/04/4", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Product", "Release Notes"], "source": "security@apache.org"}, {"url": "https://support.apple.com/kb/HT214119", "source": "security@apache.org"}, {"url": "https://www.openwall.com/lists/oss-security/2024/04/03/16", "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion."}, {"lang": "es", "value": "Los encabezados entrantes HTTP/2 que exceden el l\u00edmite se almacenan temporalmente en nghttp2 para generar una respuesta HTTP 413 informativa. Si un cliente no deja de enviar encabezados, esto provoca que se agote la memoria."}], "lastModified": "2024-07-30T02:15:04.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8379D2C9-34C1-40CC-A470-2436ED70EEBC", "versionEndExcluding": "2.4.59", "versionStartIncluding": "2.4.17"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A20333EE-4C13-426E-8B54-D78679D5DDB8"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}