CVE-2024-27316

Published: Apr 4, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

Vendor	Product	Versions
Apache Software Foundation	Apache HTTP Server	affected `2.4.17 - <= 2.4.58`

Weaknesses (CWE)

CWE-770

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

https://www.openwall.com/lists/oss-security/2024/04/03/16

http://www.openwall.com/lists/oss-security/2024/04/04/4

https://support.apple.com/kb/HT214119

http://seclists.org/fulldisclosure/2024/Jul/18

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-27316

Description

Affected Products

Weaknesses (CWE)

References