CVE-2024-27316
Description
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
NVD
Severity: N/A
CVE ID: CVE-2024-27316
CVSS Score: N/A
CVSS Metrics: NVD assessment not yet provided.
Proof Of Concept
lockness-Ko
Proof of concept (PoC) for CVE-2024-27316 (tested), CVE-2024-30255 (untested), CVE-2024-31309 (untested), CVE-2024-28182 (untested), CVE-2024-2653 (untested) and CVE-2024-27919 (untested)
Refrence: GitHub
aeyesec
Refrence: GitHub