Описание
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.53.0-1 |
| esm-apps/xenial | released | 1.7.1-1ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 1.30.0-1ubuntu1+esm1 |
| esm-infra/focal | not-affected | 1.40.0-1ubuntu0.1 |
| focal | released | 1.40.0-1ubuntu0.1 |
| jammy | not-affected | 1.43.0-1build3 |
| kinetic | not-affected | 1.49.0-1 |
| lunar | not-affected | 1.52.0-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | code not present |
| eoan | ignored | end of life |
| esm-apps/bionic | not-affected | code-not-compiled |
| esm-apps/focal | not-affected | code-not-compiled |
| esm-apps/jammy | not-affected | code-not-compiled |
| esm-apps/noble | not-affected | 18.19.1+dfsg-6ubuntu5 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| focal | not-affected | code-not-compiled |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
3.7 Low
CVSS3
Связанные уязвимости
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...
EPSS
5 Medium
CVSS2
3.7 Low
CVSS3