HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
History

Thu, 08 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-04-04T19:21:41.984Z

Updated: 2024-08-02T00:34:51.356Z

Reserved: 2024-02-23T14:20:56.465Z

Link: CVE-2024-27316

cve-icon Vulnrichment

Updated: 2024-08-02T00:34:51.356Z

cve-icon NVD

Status : Modified

Published: 2024-04-04T20:15:08.720

Modified: 2024-11-21T09:04:18.993

Link: CVE-2024-27316

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-04-03T00:00:00Z

Links: CVE-2024-27316 - Bugzilla