{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-30255", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-26T12:52:00.934Z", "datePublished": "2024-04-04T19:41:02.634Z", "dateUpdated": "2024-04-04T19:41:02.634Z"}, "containers": {"cna": {"title": "HTTP/2: CPU exhaustion due to CONTINUATION frame flood", "problemTypes": [{"descriptions": [{"cweId": "CWE-390", "lang": "en", "description": "CWE-390: Detection of Error Condition Without Action", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"}], "affected": [{"vendor": "envoyproxy", "product": "envoy", "versions": [{"version": ">= 1.29.0, < 1.29.3", "status": "affected"}, {"version": ">= 1.28.0, < 1.28.2", "status": "affected"}, {"version": ">= 1.27.0, < 1.27.4", "status": "affected"}, {"version": "< 1.26.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T19:41:02.634Z"}, "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections."}], "source": {"advisory": "GHSA-j654-3ccm-vfmm", "discovery": "UNKNOWN"}}}}

{"descriptions": [{"lang": "en", "value": "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections."}, {"lang": "es", "value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. La pila de protocolos HTTP/2 en las versiones de Envoy anteriores a 1.29.3, 1.28.2, 1.27.4 y 1.26.8 son vulnerables al agotamiento de la CPU debido a la inundaci\u00f3n de tramas de CONTINUACI\u00d3N. El c\u00f3dec HTTP/2 de Envoy permite al cliente enviar un n\u00famero ilimitado de tramas de CONTINUACI\u00d3N incluso despu\u00e9s de exceder los l\u00edmites del mapa de encabezado de Envoy. Esto permite a un atacante enviar una secuencia de tramas CONTINUATION sin que el bit END_HEADERS est\u00e9 configurado causando la utilizaci\u00f3n de la CPU, consumiendo aproximadamente 1 n\u00facleo por cada 300 Mbit/s de tr\u00e1fico y culminando en una denegaci\u00f3n de servicio por agotamiento de la CPU. Los usuarios deben actualizar a la versi\u00f3n 1.29.3, 1.28.2, 1.27.4 o 1.26.8 para mitigar los efectos de la inundaci\u00f3n de CONTINUACI\u00d3N. Como workaround, deshabilite el protocolo HTTP/2 para conexiones descendentes."}], "id": "CVE-2024-30255", "lastModified": "2024-05-01T18:15:19.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-04-04T20:15:08.983", "references": [{"source": "security-advisories@github.com", "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"}, {"source": "security-advisories@github.com", "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"}, {"source": "security-advisories@github.com", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-390"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}