Description

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

INFO

Published Date :

2024-04-04T19:21:41.984Z

Last Modified :

2025-11-04T22:06:02.830Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27316 vulnerability.

Vendors Products
Apache
  • Http Server
Fedoraproject
  • Fedora
Netapp
  • Ontap
Redhat
  • Enterprise Linux
  • Jboss Core Services
  • Jboss Enterprise Application Platform
  • Rhel Eus

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact