Description
amphp/http collects CONTINUATION frames in an unbounded buffer and does not check a limit until it has received a frame with the END_HEADERS flag set, resulting in an OOM crash.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| php-amphp-http | itp | | | package |
| php-amphp-http-client | itp | | | package |
Notes
https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm
https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4
Related vulnerabilities
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
A vulnerability in the amphp/http library and the amphp/http-client HTTP client that allows an attacker to cause a denial of service