Allocation of Resources Without Limits or Throttling affecting the amphp/http package, versions <1.7.3 and >=2.0.0-beta.1, <2.1.1

Snyk CVSS
- Attack Complexity: Low
- Availability: High

Threat Intelligence
- EPSS: 0.05% (15th percentile)
- Snyk ID SNYK-PHP-AMPHPHTTP-6531295
- published 4 Apr 2024
- disclosed 3 Apr 2024
- credit Bartek Nowotarski
- Introduced: 3 Apr 2024
- CVE-2024-2653

How to fix?
Upgrade amphp/http to version 1.7.3, 2.1.1 or higher.
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading CONTINUATION frames without checking against headerSizeLimit. An attacker can cause an out-of-memory crash by sending an excessive number of CONTINUATION frames without ever sending an END_HEADERS flag, so the partial header block is buffered without bound.
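The defect is easiest to see in code. The following PHP is an added illustration written for this page, not amphp/http's own code: a minimal HTTP/2 header-block accumulator with a `headerSizeLimit` (the name is taken from the advisory; the frame-type constants, the `feed()` API and the sample frames are constructed assumptions). With `$checkEachFragment = false` the limit is only applied once END_HEADERS arrives, so a peer that never sends END_HEADERS grows the buffer without bound; with `$checkEachFragment = true` every HEADERS and CONTINUATION fragment is checked before it is buffered, which is the behaviour the fix restores.

```php
<?php
declare(strict_types=1);

// Constructed frame-type and flag values, matching the HTTP/2 wire values.
const FRAME_HEADERS = 0x1;
const FRAME_CONTINUATION = 0x9;
const FLAG_END_HEADERS = 0x4;

final class HeaderBlockAccumulator
{
    private string $buffer = '';
    private bool $inProgress = false;

    public function __construct(
        private int $headerSizeLimit,
        // false reproduces the vulnerable pattern (limit checked only at END_HEADERS),
        // true applies the limit to every fragment as it is read.
        private bool $checkEachFragment,
    ) {}

    /**
     * Feed one frame. Returns the complete header block once END_HEADERS is seen,
     * null while more CONTINUATION frames are expected.
     * @throws RuntimeException on a protocol violation or when the limit is exceeded
     */
    public function feed(int $type, int $flags, string $payload): ?string
    {
        if ($type === FRAME_HEADERS) {
            if ($this->inProgress) {
                throw new RuntimeException('HEADERS while a header block is in progress');
            }
            $this->buffer = '';
            $this->inProgress = true;
        } elseif ($type === FRAME_CONTINUATION) {
            if (!$this->inProgress) {
                throw new RuntimeException('CONTINUATION without a preceding HEADERS');
            }
        } else {
            throw new RuntimeException('Unexpected frame type while a header block is in progress');
        }

        // Fixed behaviour: bound the buffer before appending, so an endless stream of
        // CONTINUATION frames is rejected at headerSizeLimit instead of exhausting memory.
        if ($this->checkEachFragment && strlen($this->buffer) + strlen($payload) > $this->headerSizeLimit) {
            $this->reset();
            throw new RuntimeException('Header block exceeds headerSizeLimit');
        }
        $this->buffer .= $payload;

        if (($flags & FLAG_END_HEADERS) === 0) {
            return null; // wait for more CONTINUATION frames
        }

        // Vulnerable behaviour: the limit is only consulted here, after everything was buffered.
        if (!$this->checkEachFragment && strlen($this->buffer) > $this->headerSizeLimit) {
            $this->reset();
            throw new RuntimeException('Header block exceeds headerSizeLimit');
        }
        $block = $this->buffer;
        $this->reset();
        return $block;
    }

    public function bufferedBytes(): int { return strlen($this->buffer); }

    private function reset(): void { $this->buffer = ''; $this->inProgress = false; }
}

// Constructed stream: one HEADERS frame followed by CONTINUATION frames that never set END_HEADERS.
function driveStream(HeaderBlockAccumulator $acc, int $continuationFrames): string
{
    try {
        $acc->feed(FRAME_HEADERS, 0, str_repeat('h', 30));
        for ($i = 0; $i < $continuationFrames; $i++) {
            $acc->feed(FRAME_CONTINUATION, 0, str_repeat('c', 30));
        }
        return "still buffering {$acc->bufferedBytes()} bytes with no END_HEADERS in sight";
    } catch (RuntimeException $e) {
        return "rejected after buffering at most {$acc->bufferedBytes()} bytes: {$e->getMessage()}";
    }
}

echo "vulnerable: " . driveStream(new HeaderBlockAccumulator(64, false), 1000) . "\n";
echo "fixed:      " . driveStream(new HeaderBlockAccumulator(64, true), 1000) . "\n";

// A well-formed block that fits under the limit still completes in fixed mode.
$acc = new HeaderBlockAccumulator(64, true);
$acc->feed(FRAME_HEADERS, 0, str_repeat('a', 30));
$block = $acc->feed(FRAME_CONTINUATION, FLAG_END_HEADERS, str_repeat('b', 30));
echo "complete block of " . strlen($block) . " bytes\n";
```

In the vulnerable configuration the buffer simply keeps growing with each frame (30,030 bytes after the loop here, and unbounded for a peer that keeps sending), while in the fixed configuration the second CONTINUATION frame is already rejected because 60 + 30 bytes would exceed the 64-byte limit. The same per-fragment check is what the patched amphp/http releases apply; upgrading is the remedy, and the example only shows why the position of the check matters.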