CVE-2024-2653 | P2 | HIGH | ≥ 2.0.0, < 2.1.1 · ≥ 0, < 1.7.3 | 2024-04-03
CVE-2024-2653 [HIGH] AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
`amphp/http` will collect HTTP/2 `CONTINUATION` frames in an unbounded buffer and will not check the header size limit until it has received the `END_HEADERS` flag, resulting in an OOM crash. `amphp/http-client` and `amphp/http-server` are indirectly affected if they're used with an unpatched version of `amphp/http`. Early versions of `amphp/http-client` with HTTP/2
ghsa · osv
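The buffering pattern described above, next to a per-frame size check that bounds it, as an added PHP sketch (not code from `amphp/http` or its patch). The class, the helper function and the 8192-byte limit are hypothetical, and the frame sequence is constructed sample input.

```php
<?php
declare(strict_types=1);

const FLAG_END_HEADERS = 0x4;  // flag value from RFC 9113
const MAX_HEADER_BLOCK = 8192; // hypothetical limit for this sketch

final class HeaderBlockTooLarge extends RuntimeException {}

// Hypothetical assembler for the HEADERS/CONTINUATION fragments of one stream.
// $checkPerFrame = false reproduces the flawed pattern: limit applied only at END_HEADERS.
final class HeaderBlockAssembler
{
    private string $buffer = '';
    public int $peakBuffered = 0;

    public function __construct(private bool $checkPerFrame) {}

    // Returns the complete header block once END_HEADERS arrives, otherwise null.
    public function onFrame(int $flags, string $fragment): ?string
    {
        // Hardened path: reject before buffering, so memory stays within the limit.
        if ($this->checkPerFrame && strlen($this->buffer) + strlen($fragment) > MAX_HEADER_BLOCK) {
            $this->buffer = '';
            throw new HeaderBlockTooLarge('header block exceeds limit');
        }
        $this->buffer .= $fragment;
        $this->peakBuffered = max($this->peakBuffered, strlen($this->buffer));
        if (($flags & FLAG_END_HEADERS) === 0) {
            return null; // flawed path: nothing bounds the buffer while this repeats
        }
        $block = $this->buffer;
        $this->buffer = '';
        if (strlen($block) > MAX_HEADER_BLOCK) { // the only check in the flawed path
            throw new HeaderBlockTooLarge('header block exceeds limit');
        }
        return $block;
    }
}

// Constructed input: one HEADERS fragment, then 63 CONTINUATION fragments of 1 KiB,
// none of them carrying END_HEADERS.
function peakBufferedFor(bool $checkPerFrame): int
{
    $assembler = new HeaderBlockAssembler($checkPerFrame);
    try {
        for ($i = 0; $i < 64; $i++) {
            $assembler->onFrame(0, str_repeat('a', 1024));
        }
    } catch (HeaderBlockTooLarge $e) {
        // a real receiver would also close the connection at this point
    }
    return $assembler->peakBuffered;
}

printf("END_HEADERS-only check: peak %d bytes\n", peakBufferedFor(false));
printf("per-frame check: peak %d bytes\n", peakBufferedFor(true));
```

With the check deferred to `END_HEADERS`, the peak grows with every frame received; with the per-frame check it stops at the limit regardless of how many frames follow.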