In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-06-03T00:00:00

Updated: 2024-08-04T11:21:14.514Z

Reserved: 2020-03-30T00:00:00

Link: CVE-2020-11080

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-06-03T23:15:11.073

Modified: 2024-11-21T04:56:44.657

Link: CVE-2020-11080

cve-icon Redhat

Severity : Important

Publid Date: 2020-06-02T00:00:00Z

Links: CVE-2020-11080 - Bugzilla