CVE-2024-27316 PoC — Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

Source
Associated Vulnerability
Title: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames (CVE-2024-27316)
Description: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
Description
Proof of concept (PoC) for CVE-2024-27316 (tested), CVE-2024-30255 (untested), CVE-2024-31309 (untested), CVE-2024-28182 (untested), CVE-2024-2653 (untested) and CVE-2024-27919 (untested)
Readme
# CVE-2024-27316

I decided to call this vulnerability specifically "CVE-2024-27316" since I have tested it against this vulnerability. The underlying flaw affects other CVEs, so I thought I'd mention those with the hope that others could test and modify this PoC :)

This PoC currently only works against unencrypted http/2 servers.

Sources:
- [https://www.kb.cert.org/vuls/id/421644](https://www.kb.cert.org/vuls/id/421644)

## Running

Building:

```bash
go build
```

Running:

```bash
./cve-2024-27316 -t 127.0.0.1:80 -p http -i 8192
./cve-2024-27316 -t 127.0.0.1:443 -p https -i 8192
```
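
For defenders, the condition described above (a header block that keeps growing across CONTINUATION frames and never sets END_HEADERS) can be recognised from frame headers alone. The following Go program is an added example, not code from this PoC repository: the names `ScanHeaderBlocks`, `Block` and `frame` and the budgets of 8192 bytes and 32 frames are assumptions chosen for illustration, and the input is assumed to be cleartext client-to-server frames with the connection preface already stripped.

```go
package main

import "fmt"

const typeHeaders, typeContinuation, flagEndHeaders = 0x1, 0x9, 0x4

type Block struct{ Stream, Frames, Bytes int } // one HEADERS frame plus its CONTINUATIONs

// frame serialises one frame (RFC 9113 section 4.1); used only to build sample input.
func frame(typ, flags byte, stream int, payload []byte) []byte {
	n := len(payload)
	h := []byte{byte(n >> 16), byte(n >> 8), byte(n), typ, flags, byte(stream >> 24), byte(stream >> 16), byte(stream >> 8), byte(stream)}
	return append(h, payload...)
}

// ScanHeaderBlocks returns the first header block in captured client frames that exceeds the budget, or nil.
func ScanHeaderBlocks(buf []byte, maxBytes, maxFrames int) *Block {
	var cur *Block
	for len(buf) >= 9 {
		n := int(buf[0])<<16 | int(buf[1])<<8 | int(buf[2]) // 24-bit payload length
		if len(buf) < 9+n {
			break // truncated capture: stop at the last complete frame
		}
		typ, flags := buf[3], buf[4]
		sid := int(buf[5]&0x7f)<<24 | int(buf[6])<<16 | int(buf[7])<<8 | int(buf[8])
		if typ == typeHeaders {
			cur = &Block{Stream: sid} // a new header block starts here
		}
		if cur != nil && (typ == typeHeaders || typ == typeContinuation && sid == cur.Stream) {
			// n is an upper bound on header bytes: padding and priority fields are not stripped
			cur.Frames, cur.Bytes = cur.Frames+1, cur.Bytes+n
			if cur.Bytes > maxBytes || cur.Frames > maxFrames {
				return cur
			}
			if flags&flagEndHeaders != 0 {
				cur = nil // block completed within budget
			}
		}
		buf = buf[9+n:]
	}
	return nil
}

func main() {
	s := frame(typeHeaders, 0, 1, make([]byte, 16)) // constructed sample: END_HEADERS never set
	for i := 0; i < 40; i++ {
		s = append(s, frame(typeContinuation, 0, 1, make([]byte, 16))...)
	}
	fmt.Printf("%+v\n", ScanHeaderBlocks(s, 8192, 32))
}
```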
File Snapshot

[4.0K] /data/pocs/902672687fe8ed9b00e6024ccb8f39470234af22
├── [ 146] go.mod
├── [ 308] go.sum
├── [ 18K] LICENSE
├── [3.0K] main.go
└── [ 593] README.md

0 directories, 5 files