Mailing List Archive

svn propchange: r1916779 - svn:log
Author: covener
Revision: 1916779
Modified property: svn:log

Modified: svn:log at Thu Apr 4 14:01:52 2024
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Thu Apr 4 14:01:52 2024
@@ -1,6 +1,12 @@
Merge r1916771 from trunk:

-bail after too many failed reads
+ *) SECURITY: CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by
+ memory exhaustion on endless continuation frames (cve.mitre.org)
+ HTTP/2 incoming headers exceeding the limit are temporarily
+ buffered in nghttp2 in order to generate an informative HTTP 413
+ response. If a client does not stop sending headers, this leads
+ to memory exhaustion.
+ Credits: Bartek Nowotarski (https://nowotarski.info/)

Submitted By: icing
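
Review bot: The removed line "bail after too many failed reads" was the only text in this log that said what the merged change does, and the added entry (from "*) SECURITY: CVE-2024-27316" through "Credits:") describes only the vulnerability. Consider keeping that one-line summary below the Credits line so that a reader of the log can tell what the mitigation is without opening the r1916771 diff. The "(cve.mitre.org)" tag also names a source without giving a reference that can be followed. Either drop it or replace it with the full advisory reference.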