Search for vulnerabilities
Vulnerability details: VCID-6nrk-j4zn-aaae
Vulnerability ID VCID-6nrk-j4zn-aaae
Aliases CVE-2024-27316
Summary HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-400 Uncontrolled Resource Consumption
CWE-770 Allocation of Resources Without Limits or Throttling
System Score Found at
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5143
ssvc Track https://access.redhat.com/errata/RHSA-2024:5143
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5144
ssvc Track https://access.redhat.com/errata/RHSA-2024:5144
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5145
ssvc Track https://access.redhat.com/errata/RHSA-2024:5145
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5147
ssvc Track https://access.redhat.com/errata/RHSA-2024:5147
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.86598 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.86749 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.86749 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.87748 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.8849 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.8849 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.8849 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.8849 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.8849 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.8849 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.8849 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89857 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89857 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89857 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89857 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89857 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89857 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89857 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89946 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89946 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89946 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.89946 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.90356 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.90448 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.90448 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.90448 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.90448 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.90448 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.90448 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.91066 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.91193 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss 0.91634 https://api.first.org/data/v1/epss?cve=CVE-2024-27316
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://httpd.apache.org/security/vulnerabilities_24.html
generic_textual HIGH https://httpd.apache.org/security/vulnerabilities_24.html
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-27316
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-27316
cvssv3.1 8.2 http://www.openwall.com/lists/oss-security/2024/04/03/16
generic_textual HIGH http://www.openwall.com/lists/oss-security/2024/04/03/16
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json
https://api.first.org/data/v1/epss?cve=CVE-2024-27316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
http://seclists.org/fulldisclosure/2024/Jul/18
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/
https://security.netapp.com/advisory/ntap-20240415-0013/
https://support.apple.com/kb/HT214119
https://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/04/4
1068412 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
2268277 https://bugzilla.redhat.com/show_bug.cgi?id=2268277
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-27316 https://httpd.apache.org/security/json/CVE-2024-27316.json
CVE-2024-27316 https://nvd.nist.gov/vuln/detail/CVE-2024-27316
GLSA-202409-31 https://security.gentoo.org/glsa/202409-31
RHSA-2024:1786 https://access.redhat.com/errata/RHSA-2024:1786
RHSA-2024:1872 https://access.redhat.com/errata/RHSA-2024:1872
RHSA-2024:2564 https://access.redhat.com/errata/RHSA-2024:2564
RHSA-2024:2693 https://access.redhat.com/errata/RHSA-2024:2693
RHSA-2024:2694 https://access.redhat.com/errata/RHSA-2024:2694
RHSA-2024:2891 https://access.redhat.com/errata/RHSA-2024:2891
RHSA-2024:2907 https://access.redhat.com/errata/RHSA-2024:2907
RHSA-2024:3402 https://access.redhat.com/errata/RHSA-2024:3402
RHSA-2024:3417 https://access.redhat.com/errata/RHSA-2024:3417
RHSA-2024:4390 https://access.redhat.com/errata/RHSA-2024:4390
RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143
RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144
RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145
RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147
USN-6729-1 https://usn.ubuntu.com/6729-1/
USN-6729-2 https://usn.ubuntu.com/6729-2/
USN-6729-3 https://usn.ubuntu.com/6729-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5143
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5143
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5144
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5144
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5145
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5145
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5147
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5147
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://httpd.apache.org/security/vulnerabilities_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Found at http://www.openwall.com/lists/oss-security/2024/04/03/16
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.48672
EPSS Score 0.00129
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:19:09.480168+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-27316 34.0.0rc4