Launchpad CVE tracker

CVE 2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

Related bugs and status

CVE-2024-27316 (Candidate) is related to these bugs:

Bug #2063187: [Debian] High CVE: CVE-2023-31122/CVE-2023-38709/.../CVE-2024-24795/CVE-2024-27316 apache2 : multiple CVEs

Summary				In	Importance	Status
	2063187	[Debian] High CVE: CVE-2023-31122/CVE-2023-38709/.../CVE-2024-24795/CVE-2024-27316 apache2 : multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2024-27316

References