Home > Vulnerability Database > CVE-2024-2653

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-2653

Date: April 3, 2024

amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.

Language: C++

Severity Score

8.2

Related Resources (11)

Url: http://www.openwall.com/lists/oss-security/2024/04/03/16

Url: https://github.com/amphp/http/commit/3a33e68a3b53f7279217238e89748cf0cb30b8a6

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/http/CVE-2024-2653.yaml

Url: https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm

Url: https://github.com/amphp/http/commit/881cc33da236fbcd0cb0cf6c2bfc7efcf80ede76

Url: https://www.kb.cert.org/vuls/id/421644

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-2653

Url: https://github.com/amphp/http

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/http-client/CVE-2024-2653.yaml

Url: https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4

Url: https://www.mend.io/vulnerability-database/CVE-2024-2653

Severity Score

8.2

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Do you need more information?

Contact Us