Vulnerability Database
289,598
Total vulnerabilities in the database
CVE-2024-2653
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.
| Software | From | Fixed in |
|---|---|---|
amphp / http
|
2.0.0 | 2.1.1 |
|
amphp / http
|
- | 1.7.3 |
|
amphp / http-client
|
4.0.0-rc10 | 4.0.0.x |
- http://www.openwall.com/lists/oss-security/2024/04/03/16
- https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4
- https://github.com/amphp/http/commit/3a33e68a3b53f7279217238e89748cf0cb30b8a6
- https://github.com/amphp/http/commit/881cc33da236fbcd0cb0cf6c2bfc7efcf80ede76
- https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm
- https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/http-client/CVE-2024-2653.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/http/CVE-2024-2653.yaml
- https://www.kb.cert.org/vuls/id/421644