Description
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
INFO
Published Date :
2024-04-04T14:41:36.587Z
Last Modified :
2025-11-04T18:30:26.332Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2024-28182 vulnerability.
| Vendors | Products |
|---|---|
| Debian |
|
| Fedoraproject |
|
| Nghttp2 |
|
| Redhat |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-28182.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact