CVE-2024-28182

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Apr 4, 2024

Updated: May 1, 2024

CWE ID 770

Summary

CVE-2024-28182 is a vulnerability affecting the nghttp2 library, which implements HTTP/2 in C. Prior to version 1.61.0, this library keeps decoding an unlimited number of CONTINUATION frames after a stream reset, leading to excessive CPU usage due to HPACK stream decoding. This issue, named as "nghttp2 Excessive CPU Usage Vulnerability," can't be bypassed, and users are recommended to upgrade to the latest version of nghttp2 to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vLZQE_
https://www.cve.org/CVERecord?id=CVE-2024-28182
https://nvd.nist.gov/vuln/detail/CVE-2024-28182

Back to Vulnerability Database

CVE-2024-28182

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations