CVE-2024-2653

Published: 03 Apr 2024
Source: redhat
CVSS3: 7.5

Description

amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.

A vulnerability was found in how amphp implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.
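To make the defect class concrete, here is an added example (not amphp's code, written in Python rather than PHP) that parses a constructed HTTP/2 frame stream and accumulates header-block fragments two ways: the vulnerable pattern from the description, which only checks the size limit once END_HEADERS arrives, and the hardened pattern, which enforces the limit as each fragment is appended. The frame layout follows RFC 7540; the 8 KiB limit and the sample frames are constructed for the demonstration.

```python
import struct

HEADERS, CONTINUATION = 0x1, 0x9   # HTTP/2 frame types carrying header-block fragments
END_HEADERS = 0x4                  # flag that terminates a header block
MAX_HEADER_BLOCK = 8 * 1024        # assumed per-stream header block limit (constructed value)

def frame(ftype, flags, stream_id, payload):
    """Serialise one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    header = struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload

def frames(data):
    """Yield (type, flags, stream_id, payload) from a raw frame stream."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        sid = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        off += 9
        yield ftype, flags, sid, data[off:off + length]
        off += length

def collect_late_check(data, limit=MAX_HEADER_BLOCK):
    """Vulnerable pattern: buffer every fragment, check the limit only at END_HEADERS.
    Returns the peak buffer size reached; with no END_HEADERS it grows without bound."""
    buf, peak = bytearray(), 0
    for ftype, flags, _sid, payload in frames(data):
        if ftype in (HEADERS, CONTINUATION):
            buf += payload
            peak = max(peak, len(buf))
            if flags & END_HEADERS:
                if len(buf) > limit:
                    raise ValueError("header block too large")
                buf.clear()
    return peak

def collect_early_check(data, limit=MAX_HEADER_BLOCK):
    """Hardened pattern: enforce the limit before appending each fragment.
    Returns the 1-based index of the frame that was rejected, or None if none was."""
    buf = bytearray()
    for n, (ftype, flags, _sid, payload) in enumerate(frames(data), 1):
        if ftype in (HEADERS, CONTINUATION):
            if len(buf) + len(payload) > limit:
                return n          # reject the stream here; buffer never exceeds limit
            buf += payload
            if flags & END_HEADERS:
                buf.clear()
    return None

# Constructed input: a HEADERS frame without END_HEADERS followed by 100 CONTINUATION
# frames of 1 KiB each, none of which sets END_HEADERS, so the block never terminates.
SAMPLE = frame(HEADERS, 0, 1, b"\x00" * 1024) + b"".join(
    frame(CONTINUATION, 0, 1, b"\x00" * 1024) for _ in range(100))
```

Running `collect_late_check(SAMPLE)` shows the buffer reaching 101 KiB with no check ever firing, while `collect_early_check(SAMPLE)` rejects the stream at the ninth fragment, which is the behaviour a patched parser should exhibit.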

Statement

Red Hat rates the security impact of this vulnerability as Important due to the worst-case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.

Mitigation

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

Additional information

Status: Important
Weakness: CWE-400
CVSS3: 7.5 High

Related vulnerabilities

nvd, almost 2 years ago, CVSS3: 8.2
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.

debian, almost 2 years ago, CVSS3: 8.2
amphp/http will collect CONTINUATION frames in an unbounded buffer and ...

github, almost 2 years ago, CVSS3: 8.2
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames

fstec, about 2 years ago, CVSS3: 8.2
Vulnerability in the amphp/http library and the amphp/http-client HTTP client that allows an attacker to cause a denial of service
