Memory Allocation with Excessive Size Value
CVE-2024-2653
Summary
The package amphp/http implements HTTP/2 in a way that is vulnerable to "HTTP/2 CONTINUATION Flood". It will "CONTINUATION" frames in an unbounded buffer and will not check a limit until it has received the set "END_HEADERS" flag. Since the flag is never set, it will result in an Out-of-Memory (OOM) crash. This issue affects amphp/http versions 1.6.0-rc1 through 1.7.2 and 2.0.0-beta.1 through 2.1.0 and amphp/http-client versions 4.0.0-rc10 through 4.0.0.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-789 - Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
References
Advisory Timeline
- Published