CVE-2024-28182
ADVISORY - nistSummary
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
EPSS Score: 0.00044 (0.142)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Allocation of Resources Without Limits or Throttling
ADVISORY - redhat
Uncontrolled Resource Consumption
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in