CVE-2024-27316 - OpenCVE

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Http Server
Netapp	Ontap
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

Configuration 3 [-]

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/04/03/16	Mailing List
http://www.openwall.com/lists/oss-security/2024/04/04/4	Mailing List
https://httpd.apache.org/security/vulnerabilities_24.html	Product Release Notes
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/	Release Notes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/	Release Notes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/	Release Notes
https://security.netapp.com/advisory/ntap-20240415-0013/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2024-04-04T19:21:41.984Z

Updated: 2024-04-04T19:21:41.984Z

Reserved: 2024-02-23T14:20:56.465Z

Link: CVE-2024-27316

JSON object: View

NVD Information

Status : Modified

Published: 2024-04-04T20:15:08.720

Modified: 2024-06-10T17:16:22.980

Link: CVE-2024-27316

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27316", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-02-23T14:20:56.465Z", "datePublished": "2024-04-04T19:21:41.984Z", "dateUpdated": "2024-04-04T19:21:41.984Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.4.58", "status": "affected", "version": "2.4.17", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Bartek Nowotarski (https://nowotarski.info/) "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion."}], "value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-04-04T19:21:41.984Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240415-0013/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/04/4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-02-22T15:29:00.000Z", "value": "Reported to security team"}], "title": "Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8379D2C9-34C1-40CC-A470-2436ED70EEBC", "versionEndExcluding": "2.4.59", "versionStartIncluding": "2.4.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*", "matchCriteriaId": "A20333EE-4C13-426E-8B54-D78679D5DDB8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion."}, {"lang": "es", "value": "Los encabezados entrantes HTTP/2 que exceden el l\u00edmite se almacenan temporalmente en nghttp2 para generar una respuesta HTTP 413 informativa. Si un cliente no deja de enviar encabezados, esto provoca que se agote la memoria."}], "id": "CVE-2024-27316", "lastModified": "2024-06-10T17:16:22.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-04T20:15:08.720", "references": [{"source": "security@apache.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/04/4"}, {"source": "security@apache.org", "tags": ["Product", "Release Notes"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "security@apache.org", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"}, {"source": "security@apache.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/"}, {"source": "security@apache.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/"}, {"source": "security@apache.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240415-0013/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "security@apache.org", "type": "Secondary"}]}