Description
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
A vulnerability was found in the way Apache httpd implements the HTTP/2 protocol: it places insufficient limits on the number of CONTINUATION frames that can be sent within a single stream. An unauthenticated remote attacker could send such frames to a vulnerable server, consuming its memory and causing a denial of service.
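The mechanism described above, as an added illustration that is not code from Red Hat, Apache httpd or nghttp2: a minimal HTTP/2 frame walker that contrasts buffering a header block until END_HEADERS arrives, so that an informative 413 can be produced, with resetting the stream as soon as a byte cap is crossed. In the first pattern a peer that never sets END_HEADERS and keeps sending CONTINUATION frames makes the buffer grow without bound; in the second nothing beyond the cap is ever held. The frame layout follows RFC 9113; the constructed sample frames carry opaque filler instead of a real HPACK block, and the 8 KiB limit, frame count and frame size are arbitrary values chosen for the demonstration.

```python
"""Added illustration of unbounded header-block buffering versus rejecting at
the limit. Not Red Hat, Apache or nghttp2 code; all frame bytes are constructed
here (payloads are opaque filler, not real HPACK)."""
import struct

# RFC 9113 frame types and the one flag this example cares about
HEADERS, CONTINUATION = 0x1, 0x9
END_HEADERS = 0x4


def frame(ftype, flags, stream_id, payload):
    """Serialize one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    header = (len(payload).to_bytes(3, "big")
              + bytes([ftype, flags])
              + struct.pack("!I", stream_id & 0x7FFFFFFF))
    return header + payload


def iter_frames(data):
    """Yield (type, flags, stream_id, payload) for each complete frame in data."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack("!I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break  # truncated frame at the end of the capture
        yield ftype, flags, stream_id, payload
        off += 9 + length


def buffer_then_report(data, limit):
    """Vulnerable pattern: accumulate the whole header block so a 413 can
    describe it once END_HEADERS arrives. Without END_HEADERS every further
    CONTINUATION frame is appended, so peak memory equals everything sent."""
    block = bytearray()
    for ftype, flags, _sid, payload in iter_frames(data):
        if ftype not in (HEADERS, CONTINUATION):
            continue
        block += payload
        if flags & END_HEADERS:
            verdict = "413" if len(block) > limit else "ok"
            return verdict, len(block)
    return "still-buffering", len(block)


def reject_at_limit(data, limit):
    """Hardened pattern: count header-block bytes as frames arrive and reset
    the stream before copying anything that would cross the cap."""
    held = 0
    for ftype, flags, _sid, payload in iter_frames(data):
        if ftype not in (HEADERS, CONTINUATION):
            continue
        if held + len(payload) > limit:
            return "RST_STREAM", held  # bytes beyond the cap are never buffered
        held += len(payload)
        if flags & END_HEADERS:
            return "ok", held
    return "still-buffering", held


def continuation_flood(stream_id=1, frames=64, size=1024):
    """Constructed sample: HEADERS followed by CONTINUATION frames on the same
    stream, none of which carries END_HEADERS (filler stands in for HPACK)."""
    out = frame(HEADERS, 0, stream_id, b"\x00" * size)
    out += b"".join(frame(CONTINUATION, 0, stream_id, b"\x00" * size)
                    for _ in range(frames - 1))
    return out


def small_request(stream_id=1):
    """Constructed sample: a header block that fits in a single frame."""
    return frame(HEADERS, END_HEADERS, stream_id, b"\x00" * 100)


if __name__ == "__main__":
    LIMIT = 8192  # arbitrary per-stream header-block cap for the demonstration
    for name, data in (("small request", small_request()),
                       ("CONTINUATION flood", continuation_flood())):
        print(f"{name}: vulnerable={buffer_then_report(data, LIMIT)} "
              f"hardened={reject_at_limit(data, LIMIT)}")
```

The second tuple element returned by each function is the number of header-block bytes held when the decision was made, which is the quantity an attacker drives up in the vulnerable pattern and which stays at or below the cap in the hardened one.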
Statement
Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Apache. The worst case scenario is memory exhaustion causing a denial of service. Once an attack has ended, the system should return to normal operations on its own. This vulnerability stems from an imperfect definition of the HTTP/2 protocol. As the httpd component is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the “Affected Packages and Issued Red Hat Security Errata” section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them.
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Affected Packages
Platform | Package | State | Errata | Release |
---|---|---|---|---|
A-MQ Clients 2 | HTTP-2 | Affected | ||
Cryostat 2 | HTTP-2 | Affected | ||
Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel8-operator | Not affected | ||
Logging Subsystem for Red Hat OpenShift | openshift-logging/fluentd-rhel8 | Not affected | ||
Migration Toolkit for Applications 6 | HTTP-2 | Will not fix | ||
Migration Toolkit for Runtimes | HTTP-2 | Affected | ||
Multicluster Engine for Kubernetes | multicluster-engine/console-mce-rhel8 | Not affected | ||
.NET 6.0 on Red Hat Enterprise Linux | rh-dotnet60-dotnet | Affected | ||
OpenShift Developer Tools and Services | jenkins | Will not fix | ||
OpenShift Serverless | HTTP-2 | Not affected | ||
Additional information
CVSS3 score: 7.5 (High)