CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-2653: CVE-2024-2653

Description

amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.

Classification

CVE ID: CVE-2024-2653

Affected Products

Vendor: AMPHP

Product: amphp/http-client

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.45% (scored less or equal to compared to others)

EPSS Date: 2025-03-14 (when was this score calculated)

References

https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm
https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4
http://www.openwall.com/lists/oss-security/2024/04/03/16

Timeline

2025-02-14 00:31:42 UTC
CVE

CVE-2024-2653