CVE-2024-28182
ADVISORY - nistSummary
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
EPSS Score: 0.00044 (0.142)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Allocation of Resources Without Limits or Throttling
ADVISORY - redhat
Uncontrolled Resource Consumption
NIST
CREATED
UPDATED
ADVISORY IDCVE-2024-28182
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
Debian
CREATED
UPDATED
ADVISORY IDCVE-2024-28182
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2024-28182
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Alma
CREATED
UPDATED
ADVISORY IDALSA-2024:2778
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Alma
CREATED
UPDATED
ADVISORY IDALSA-2024:2780
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Alma
CREATED
UPDATED
ADVISORY IDALSA-2024:2779
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Alma
CREATED
UPDATED
ADVISORY IDALSA-2024:4252
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Alma
CREATED
UPDATED
ADVISORY IDALSA-2024:2853
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Alma
CREATED
UPDATED
ADVISORY IDALSA-2024:2910
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Alma
CREATED
UPDATED
ADVISORY IDALSA-2024:3501
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Amazon
CREATED
UPDATED
ADVISORY IDALAS2023-2024-592
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Amazon
CREATED
UPDATED
ADVISORY IDALAS2023-2024-594
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Amazon
CREATED
UPDATED
ADVISORY IDALAS2023-2024-593
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Amazon
CREATED
UPDATED
ADVISORY IDALAS-2024-1935
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Amazon
CREATED
UPDATED
ADVISORY IDALAS2-2024-2523
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Red Hat
CREATED
UPDATED
ADVISORY IDCVE-2024-28182
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
Rocky
CREATED
UPDATED
ADVISORY IDRLSA-2024:2780
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Rocky
CREATED
UPDATED
ADVISORY IDRLSA-2024:2778
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Rocky
CREATED
UPDATED
ADVISORY IDRLSA-2024:2779
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Rocky
CREATED
UPDATED
ADVISORY IDRLSA-2024:2853
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Rocky
CREATED
UPDATED
ADVISORY IDRLSA-2024:2910
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Rocky
CREATED
UPDATED
ADVISORY IDRLSA-2024:3501
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Oracle
CREATED
UPDATED
ADVISORY IDELSA-2024-4252
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Oracle
CREATED
UPDATED
ADVISORY IDELSA-2024-2778
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Oracle
CREATED
UPDATED
ADVISORY IDELSA-2024-2780
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Oracle
CREATED
UPDATED
ADVISORY IDELSA-2024-2779
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Oracle
CREATED
UPDATED
ADVISORY IDELSA-2024-2853
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Oracle
CREATED
UPDATED
ADVISORY IDELSA-2024-3501
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Oracle
CREATED
UPDATED
ADVISORY IDELSA-2024-2910
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-3396-g349-3rv6
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-