cve 2024 27316

About this tag
CVE-2024-27316 is an Apache HTTP Server vulnerability involving HTTP/2 denial-of-service via endless CONTINUATION frames that cause memory exhaustion. The flaw has been fixed upstream in Apache httpd releases. Microsoft has acknowledged that Azure Linux includes the open-source library and is therefore potentially affected, though this advisory is a product-scoped inventory statement and does not guarantee that no other Microsoft product contains the vulnerable component. Discussions on WindowsForum.com cover the technical details of the vulnerability, its impact on Azure Linux, and the broader implications for Microsoft products that may incorporate the affected Apache httpd library.
  1. CVE-2024-27316: Apache httpd HTTP/2 DoS and Azure Linux Attestation

    The Apache HTTP Server vulnerability tracked as CVE-2024-27316 — an HTTP/2 denial-of-service triggered by an attacker sending endless CONTINUATION frames that cause memory exhaustion — is real, fixed upstream in the Apache httpd releases, and Microsoft’s brief advisory that “Azure Linux includes...