Vulnerability CVE-2024-27316: Information

Description

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-27316
Published: April 4, 2024
Modified: May 1, 2024
Error type identifier: CWE-400

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.59-alt12.4.59-alt1ALT-PU-2024-5986-1344449Fixed
apache2sisyphus_e2k2.4.59-alt12.4.59-alt1ALT-PU-2024-6182-1-Fixed
apache2sisyphus_riscv642.4.59-alt12.4.59-alt1ALT-PU-2024-6054-1-Fixed
apache2sisyphus_loongarch642.4.59-alt12.4.59-alt1ALT-PU-2024-6065-1-Fixed
apache2p102.4.59-alt12.4.59-alt1ALT-PU-2024-5990-3344447Fixed
apache2p10_e2k2.4.59-alt12.4.59-alt1ALT-PU-2024-6265-1-Fixed
apache2c10f12.4.59-alt12.4.59-alt1ALT-PU-2024-6194-2344709Fixed
apache2c9f22.4.59-alt12.4.59-alt1ALT-PU-2024-6193-2344710Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
    https://security.netapp.com/advisory/ntap-20240415-0013/
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/
        https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/
          https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/
            http://www.openwall.com/lists/oss-security/2024/04/04/4
              http://www.openwall.com/lists/oss-security/2024/04/03/16
                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                Version: v24.5.1
                Back to top