VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-pdjs-b2ws-rbdq

Essentials
Severities (18)
References (36)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-pdjs-b2ws-rbdq
Aliases	CVE-2024-27316
Summary	HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
Status	Published
Exploitability	2.0
Weighted Severity	6.8
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-400	Uncontrolled Resource Consumption
CWE-770	Allocation of Resources Without Limits or Throttling

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json
epss	0.85404	https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss	0.85404	https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss	0.87872	https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss	0.87872	https://api.first.org/data/v1/epss?cve=CVE-2024-27316
epss	0.87872	https://api.first.org/data/v1/epss?cve=CVE-2024-27316
cvssv3.1	7.5	http://seclists.org/fulldisclosure/2024/Jul/18
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jul/18
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://httpd.apache.org/security/vulnerabilities_24.html
ssvc	Track	https://httpd.apache.org/security/vulnerabilities_24.html
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-27316
cvssv3.1	7.5	https://support.apple.com/kb/HT214119
ssvc	Track	https://support.apple.com/kb/HT214119
cvssv3.1	7.5	https://www.openwall.com/lists/oss-security/2024/04/03/16
ssvc	Track	https://www.openwall.com/lists/oss-security/2024/04/03/16
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2024/04/04/4
ssvc	Track	http://www.openwall.com/lists/oss-security/2024/04/04/4

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-27316
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://httpd.apache.org/security/vulnerabilities_24.html
1068412		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
16		https://www.openwall.com/lists/oss-security/2024/04/03/16
18		http://seclists.org/fulldisclosure/2024/Jul/18
2268277		https://bugzilla.redhat.com/show_bug.cgi?id=2268277
4		http://www.openwall.com/lists/oss-security/2024/04/04/4
cpe:2.3:a:apache:http_server::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
cpe:2.3:a:netapp:ontap:9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap:9:::::::*
cpe:2.3:o:fedoraproject:fedora:38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:::::::*
cpe:2.3:o:fedoraproject:fedora:39:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:::::::*
cpe:2.3:o:fedoraproject:fedora:40:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:::::::*
CVE-2024-27316		https://httpd.apache.org/security/json/CVE-2024-27316.json
CVE-2024-27316		https://nvd.nist.gov/vuln/detail/CVE-2024-27316
HT214119		https://support.apple.com/kb/HT214119
RHSA-2024:1786		https://access.redhat.com/errata/RHSA-2024:1786
RHSA-2024:1872		https://access.redhat.com/errata/RHSA-2024:1872
RHSA-2024:2564		https://access.redhat.com/errata/RHSA-2024:2564
RHSA-2024:2693		https://access.redhat.com/errata/RHSA-2024:2693
RHSA-2024:2694		https://access.redhat.com/errata/RHSA-2024:2694
RHSA-2024:2891		https://access.redhat.com/errata/RHSA-2024:2891
RHSA-2024:2907		https://access.redhat.com/errata/RHSA-2024:2907
RHSA-2024:3402		https://access.redhat.com/errata/RHSA-2024:3402
RHSA-2024:3417		https://access.redhat.com/errata/RHSA-2024:3417
RHSA-2024:4390		https://access.redhat.com/errata/RHSA-2024:4390
USN-6729-1		https://usn.ubuntu.com/6729-1/
USN-6729-2		https://usn.ubuntu.com/6729-2/
USN-6729-3		https://usn.ubuntu.com/6729-3/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://seclists.org/fulldisclosure/2024/Jul/18

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/ Found at http://seclists.org/fulldisclosure/2024/Jul/18

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://httpd.apache.org/security/vulnerabilities_24.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/ Found at https://httpd.apache.org/security/vulnerabilities_24.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27316

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.apple.com/kb/HT214119

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/ Found at https://support.apple.com/kb/HT214119

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openwall.com/lists/oss-security/2024/04/03/16

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/ Found at https://www.openwall.com/lists/oss-security/2024/04/03/16

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/04/04/4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/ Found at http://www.openwall.com/lists/oss-security/2024/04/04/4

Exploit Prediction Scoring System (EPSS)

Percentile	0.99334
EPSS Score	0.85404
Published At	Aug. 2, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:29:09.776590+00:00	Apache HTTPD Importer	Import	https://httpd.apache.org/security/json/CVE-2024-27316.json	37.0.0