CVE-2024-27983

{"id": "CVE-2024-27983", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-04-09T01:15:49.197", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16", "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/2319584", "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/", "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/", "source": "support@hackerone.com"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition."}, {"lang": "es", "value": "Un atacante puede hacer que el servidor HTTP/2 de Node.js no est\u00e9 completamente disponible enviando una peque\u00f1a cantidad de paquetes de tramas HTTP/2 con algunas tramas HTTP/2 en su interior. Es posible dejar algunos datos en la memoria nghttp2 despu\u00e9s del reinicio cuando los encabezados con el frame de CONTINUATION HTTP/2 se env\u00edan al servidor y luego el cliente cierra abruptamente una conexi\u00f3n TCP activando el destructor Http2Session mientras los frames de encabezado a\u00fan se est\u00e1n procesando (y almacenando en la memoria) causando una condici\u00f3n de ejecuci\u00f3n."}], "lastModified": "2024-05-01T18:15:16.570", "sourceIdentifier": "support@hackerone.com"}