CVE-2024-28182

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-770
View all →

Vulnerability Description

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.

Related Vulnerabilities

CVE-2005-4650

MEDIUM
CVSS:5.3(Medium)

Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.

CWE-7702005

CVE-2008-5180

MEDIUM
CVSS:5.3(Medium)

Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigg...

CWE-7702008

CVE-2017-18899

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.

CWE-7702017

CVE-2018-0006

MEDIUM
CVSS:5.3(Medium)

A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to...

CWE-7702018

CVE-2019-0005

MEDIUM
CVSS:5.3(Medium)

On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been b...

CWE-7702019

CVE-2019-15165

MEDIUM
CVSS:5.3(Medium)

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

CWE-7702019