{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2653", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2024-03-19T15:20:53.090Z", "datePublished": "2024-04-03T17:18:29.944Z", "dateUpdated": "2024-09-06T16:43:42.206Z"}, "containers": {"cna": {"title": "CVE-2024-2653", "descriptions": [{"lang": "en", "value": "amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "AMPHP", "product": "amphp/http-client", "versions": [{"status": "affected", "version": "v4.0.0-rc10", "lessThanOrEqual": "4.0.0", "versionType": "custom"}]}, {"vendor": "AMPHP", "product": "amphp/http", "versions": [{"status": "affected", "version": "2.0.0-beta.1", "lessThanOrEqual": "2.1.0", "versionType": "custom"}]}, {"vendor": "AMPHP", "product": "amphp/http", "versions": [{"status": "affected", "version": "v1.6.0-rc1", "lessThanOrEqual": "1.7.2", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-789: Memory Allocation with Excessive Size Value"}]}], "references": [{"url": "https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm"}, {"url": "https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"}], "x_generator": {"engine": "VINCE 2.1.12", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2653"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2024-04-03T18:28:25.344Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:48.205Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm", "tags": ["x_transferred"]}, {"url": "https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "amphp", "product": "http-client", "cpes": ["cpe:2.3:a:amphp:http-client:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "v4.0.0-rc10", "status": "affected", "lessThanOrEqual": "4.0.0", "versionType": "custom"}]}, {"vendor": "amphp", "product": "http", "cpes": ["cpe:2.3:a:amphp:http:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "2.0.0-beta1", "status": "affected", "lessThanOrEqual": "2.1.0", "versionType": "custom"}]}, {"vendor": "amphp", "product": "http", "cpes": ["cpe:2.3:a:amphp:http:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "v1.6.0-rc1", "status": "affected", "lessThanOrEqual": "1.7.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T16:35:51.687001Z", "id": "CVE-2024-2653", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T16:43:42.206Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm", "tags": ["x_transferred"]}, {"url": "https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:48.205Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-2653", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T16:35:51.687001Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:amphp:http-client:*:*:*:*:*:*:*:*"], "vendor": "amphp", "product": "http-client", "versions": [{"status": "affected", "version": "v4.0.0-rc10", "versionType": "custom", "lessThanOrEqual": "4.0.0"}], "defaultStatus": "affected"}, {"cpes": ["cpe:2.3:a:amphp:http:*:*:*:*:*:*:*:*"], "vendor": "amphp", "product": "http", "versions": [{"status": "affected", "version": "2.0.0-beta1", "versionType": "custom", "lessThanOrEqual": "2.1.0"}], "defaultStatus": "affected"}, {"cpes": ["cpe:2.3:a:amphp:http:*:*:*:*:*:*:*:*"], "vendor": "amphp", "product": "http", "versions": [{"status": "affected", "version": "v1.6.0-rc1", "versionType": "custom", "lessThanOrEqual": "1.7.2"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T16:39:27.308Z"}}], "cna": {"title": "CVE-2024-2653", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "AMPHP", "product": "amphp/http-client", "versions": [{"status": "affected", "version": "v4.0.0-rc10", "versionType": "custom", "lessThanOrEqual": "4.0.0"}]}, {"vendor": "AMPHP", "product": "amphp/http", "versions": [{"status": "affected", "version": "2.0.0-beta.1", "versionType": "custom", "lessThanOrEqual": "2.1.0"}]}, {"vendor": "AMPHP", "product": "amphp/http", "versions": [{"status": "affected", "version": "v1.6.0-rc1", "versionType": "custom", "lessThanOrEqual": "1.7.2"}]}], "references": [{"url": "https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm"}, {"url": "https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"}], "x_generator": {"env": "prod", "engine": "VINCE 2.1.12", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2653"}, "descriptions": [{"lang": "en", "value": "amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-789: Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2024-04-03T18:28:25.344Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2653", "state": "PUBLISHED", "dateUpdated": "2024-09-06T16:43:42.206Z", "dateReserved": "2024-03-19T15:20:53.090Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2024-04-03T17:18:29.944Z", "assignerShortName": "certcc"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash."}, {"lang": "es", "value": "amphp/http recopilar\u00e1 cuadros de CONTINUACI\u00d3N en un b\u00fafer ilimitado y no verificar\u00e1 un l\u00edmite hasta que haya recibido el indicador END_HEADERS establecido, lo que provocar\u00e1 un bloqueo de OOM."}], "id": "CVE-2024-2653", "lastModified": "2024-09-06T17:35:08.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-03T18:15:07.317", "references": [{"source": "cret@cert.org", "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"}, {"source": "cret@cert.org", "url": "https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4"}, {"source": "cret@cert.org", "url": "https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis"}

{"acknowledgement": "Red Hat would like to thank Bartek Nowotarski (nowotarski.info) for reporting this issue.", "bugzilla": {"description": "amphp: CONTINUATION frames DoS", "id": "2269175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269175"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.", "A vulnerability was found in how amphp implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2024-2653", "public_date": "2024-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-2653\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2653\nhttps://nowotarski.info/http2-continuation-flood/\nhttps://www.kb.cert.org/vuls/id/421644"], "statement": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.", "threat_severity": "Important"}