mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
1.1 KiB
1.1 KiB
CVE-2024-27316
Description
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
POC
Reference
Github
- https://github.com/Ampferl/poc_http2-continuation-flood
- https://github.com/DrewskyDev/H2Flood
- https://github.com/EzeTauil/Maquina-Upload
- https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
- https://github.com/aeyesec/CVE-2024-27316_poc
- https://github.com/lockness-Ko/CVE-2024-27316
- https://github.com/nomi-sec/PoC-in-GitHub