CVERadar

CVE-2024-27316

Severity: Medium
Vendor: Apache
SVRS: 30/100
CVSSv3: 7.5/10
EPSS: 0.89857/1

CVE-2024-27316 is a vulnerability in nghttp2 related to HTTP/2 header handling that can lead to memory exhaustion. An attacker can exploit this by sending excessive HTTP/2 headers, causing the server to buffer them in memory while generating an HTTP 413 error, eventually leading to a denial-of-service condition. Despite the CVSS score of 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a lower immediate risk compared to critical vulnerabilities. However, the presence of "Exploit Available" and "In The Wild" tags suggests the potential for increased risk. While not immediately critical based on the SVRS, CVE-2024-27316 requires monitoring and patching because active exploits are available, and vendors are likely providing advisories. This vulnerability poses a risk of denial-of-service by exhausting server resources. Failing to address it could lead to service disruptions.

Tags: In The Wild, Exploit Available, Vendor-advisory
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: 2024-04-04
Last updated: 2025-02-13
SOCRadar AI Insight

Description

CVE-2024-27316 is a memory exhaustion vulnerability in nghttp2, a library that implements the HTTP/2 protocol. It is caused by the way incoming HTTP/2 headers that exceed the configured limit are handled: the excess headers keep being buffered instead of the stream being cut off. If a client does not stop sending headers, this can lead to memory exhaustion on the server.

The SVRS for this vulnerability is 50, indicating that it is a moderate-severity vulnerability. However, the fact that active exploits have been published and the vulnerability is being used in the wild means that it should be considered a high-priority vulnerability.

Key Insights

  • This vulnerability can be exploited by sending a specially crafted HTTP/2 request to a vulnerable server.
  • The vulnerability can lead to a denial of service (DoS) attack, causing the server to crash or become unresponsive.
  • The vulnerability is being actively exploited in the wild, and public exploits are available.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.

Mitigation Strategies

  • Update to the latest version of nghttp2.
  • Configure nghttp2 to limit the size of incoming HTTP/2 headers.
  • Monitor your systems for signs of exploitation, such as increased memory usage or DoS attacks.
  • Implement a web application firewall (WAF) to block malicious HTTP/2 requests.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
lockness-Ko/CVE-2024-27316 | https://github.com/lockness-Ko/CVE-2024-27316 | 2024-04-09
aeyesec/CVE-2024-27316_poc | https://github.com/aeyesec/CVE-2024-27316_poc | 2024-04-17

News

1.850 (fortiguard.com, 2025-05-13)
Newly Added (75): Apache HTTP Server SessionHeader CVE-2021-26691 Buffer Overflow Vulnerability; Apache HTTP Server CVE-2022-22720 HTTP Request Smuggling Vulnerability; Apache HTTP Server mod_rewrite CVE-2024-38475 Code Injection Vulnerability

VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks (cert.org, 2024-12-02)
Overview: HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream. An attacker that can send packets to a target server can send a stream of CONTINUATION frames that will not

Siemens SINEC NMS (cisa.gov, CISA, 2024-11-14)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF

DDoS threat report for 2024 Q1 - The Cloudflare Blog (google.com, 2024-04-16)
Welcome to the 17th edition of Cloudflare's DDoS threat report. This edition covers the DDoS threat landscape along with key findings as observed from the Cloudflare network during the first quarter of 2024. But first, a quick recap. A DDoS attack, short for Distributed Denial of Service attack, is a type of cyber attack that aims to take down or disrupt Internet services such as websites or mobile apps and make them unavailable for users. DDoS attacks are usually done by flooding the victim's server with more

Critical Apache HTTP Server Vulnerabilities Expose Millions of Websites to Cyber Attack (cybersecuritynews.com, Dhivya, 2024-07-18)
The Apache Software Foundation has disclosed several critical vulnerabilities in the Apache HTTP Server, which could potentially expose millions of websites to cyber-attacks. These vulnerabilities, identified by their Common Vulnerabilities and Exposures (CVE) numbers, affect various versions of the Apache HTTP Server and could lead to severe consequences such as source code disclosure, server-side request [...]

CVE-2024-27316 | Apache HTTP Server up to 2.4.58 nghttp2 resource consumption (FEDORA-2024-1f11550e31) (vuldb.com, 2024-06-06)
A vulnerability has been found in Apache HTTP Server up to 2.4.58 and classified as problematic. This vulnerability affects unknown code of the component nghttp2. The manipulation leads to resource consumption. This vulnerability was named CVE-2024-27316. The attack can be initiated remotely. There is no exploit

Social Media

@Kemhan_RI @kemkomdigi CVE-2012-3526 - Remote Code Execution (RCE) on the Apache Tomcat server. CVE-2022-23943 - A vulnerability in a certain library that allows information leakage. CVE-2024-27316 - SQL Injection in a web-based application.

Affected Software

Configuration 1
Type | Vendor | Product
App | Apache | http_server

Configuration 2
Type | Vendor | Product
OS | Fedoraproject | fedora

Configuration 3
Type | Vendor | Product
App | Netapp | ontap

References

Reference | Link
[email protected] | https://httpd.apache.org/security/vulnerabilities_24.html
[email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/
[email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/
[email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/
[email protected] | https://security.netapp.com/advisory/ntap-20240415-0013/
[email protected] | http://www.openwall.com/lists/oss-security/2024/04/03/16
[email protected] | https://www.openwall.com/lists/oss-security/2024/04/03/16
[email protected] | http://www.openwall.com/lists/oss-security/2024/04/04/4
[email protected] | https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
[email protected] | https://support.apple.com/kb/HT214119
[email protected] | http://seclists.org/fulldisclosure/2024/Jul/18
GITHUB | http://seclists.org/fulldisclosure/2024/Jul/18

CWE Details

CWE ID | CWE Name | Description
CWE-770 | Allocation of Resources Without Limits or Throttling | The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
CWE-400 | Uncontrolled Resource Consumption | The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
