AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
High severity
GitHub Reviewed
Published Apr 3, 2024 in amphp/http • Updated May 2, 2024
amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the END_HEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of amphp/http. Early versions of amphp/http-client with HTTP/2 support (v4.0.0-rc10 to 4.0.0) are also directly affected.
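As an added illustration (not amphp's code), the following Python model of HTTP/2 header-block reassembly contrasts checking the header size limit only once END_HEADERS arrives, as the vulnerable versions did, with enforcing it on every HEADERS/CONTINUATION frame; the frame layout follows RFC 9113 section 4.1 and the sample frame stream is constructed here.

```python
HEADERS, CONTINUATION = 0x1, 0x9   # HTTP/2 frame type codes (RFC 9113)
END_HEADERS = 0x4                  # flag that ends a header block


def parse_frames(data: bytes):
    """Yield (type, flags, stream_id, payload) from raw HTTP/2 frames.
    Frame header: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = int.from_bytes(data[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        payload = data[pos + 9:pos + 9 + length]
        pos += 9 + length
        yield ftype, flags, stream_id, payload


def collect_header_block(data: bytes, max_header_size: int, check_each_frame: bool):
    """Reassemble a HEADERS + CONTINUATION sequence into one header block.
    check_each_frame=False mirrors the advisory's defect: the size limit is
    only consulted when END_HEADERS is seen, so a peer that never sends it
    makes the buffer grow without bound.  check_each_frame=True is the
    mitigation: the limit is enforced as each fragment is appended.
    Returns ("ok", block), ("rejected", buffered_bytes) or ("incomplete", buffered_bytes)."""
    buf = bytearray()
    for ftype, flags, _stream_id, payload in parse_frames(data):
        if ftype not in (HEADERS, CONTINUATION):
            continue
        buf += payload
        if check_each_frame and len(buf) > max_header_size:
            return "rejected", len(buf)          # stop early, before memory blows up
        if flags & END_HEADERS:
            if len(buf) > max_header_size:
                return "rejected", len(buf)      # the only check the buggy path made
            return "ok", bytes(buf)
    return "incomplete", len(buf)                # END_HEADERS never arrived


def frame(ftype: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """Encode one HTTP/2 frame (constructed test data, not a full client)."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + stream_id.to_bytes(4, "big") + payload)


def sample_stream(n_continuations: int, chunk: int = 1000) -> bytes:
    """Constructed sample: HEADERS then CONTINUATION frames, none carrying END_HEADERS."""
    data = frame(HEADERS, 0, 1, b"A" * chunk)
    for _ in range(n_continuations):
        data += frame(CONTINUATION, 0, 1, b"A" * chunk)
    return data
```

With the same 8 KiB limit, the unpatched logic buffers the entire 51,000-byte sample and is still waiting for END_HEADERS, while the per-frame check rejects the stream after 9,000 bytes.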
Acknowledgements
Thank you to Bartek Nowotarski for reporting the vulnerability.
References