Severity: moderate Affected versions:
- Apache HTTP Server 2.4.17 through 2.4.58 Description: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. Credit: Bartek Nowotarski (https://nowotarski.info/) (finder) References: https://httpd.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-27316 Timeline: 2024-02-22: Reported to security team
