CVE-2024-31309

{"id": "CVE-2024-31309", "metrics": {}, "published": "2024-04-10T12:15:09.257", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16", "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/10/7", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc", "source": "security@apache.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html", "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/", "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/", "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/", "source": "security@apache.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "HTTP/2 CONTINUATION\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u00a0affected.\n\nUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\nUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.\n\n"}, {"lang": "es", "value": "Un ataque de HTTP/2 CONTINUATION DoS puede hacer que Apache Traffic Server consuma m\u00e1s recursos en el servidor. Las versiones de 8.0.0 a 8.1.9 y de 9.0.0 a 9.2.3 se ven afectadas. Los usuarios pueden establecer una nueva configuraci\u00f3n (proxy.config.http2.max_continuation_frames_per_minuto) para limitar el n\u00famero de fotogramas de CONTINUACI\u00d3N por minuto. ATS tiene una cantidad fija de memoria que una solicitud puede usar y ATS cumple con estos l\u00edmites en versiones anteriores. Se recomienda a los usuarios actualizar a las versiones 8.1.10 o 9.2.4, que solucionan el problema."}], "lastModified": "2024-05-01T18:15:23.233", "sourceIdentifier": "security@apache.org"}