Proof of Concept: HTTP/2 CONTINUATION Flood

Ampferl/poc_http2-continuation-flood

PoC: HTTP/2 CONTINUATION Flood Vulnerability

This is a proof of concept for the HTTP/2 CONTINUATION flood vulnerability published by nowotarski.info on April 03, 2024.

This vulnerability can lead to different consequences for vulnerable web servers:

  • CPU exhaustion
  • Out-of-memory crash (after a single connection or multiple connections)
  • Crash after a few frames sent

(More details are in nowotarski's blog post.)

The vulnerable Go server in this PoC exhibits the CPU exhaustion case.
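
A server-side guard for the condition this PoC exercises, as an added example (not code from this repository or from the vulnerable Go server): it walks raw HTTP/2 frames and rejects a header block that stays open without END_HEADERS once it passes a frame-count or byte cap. The limits, function names and sample bytes are assumptions made for the illustration.

```python
import struct

HEADERS, CONTINUATION, END_HEADERS = 0x1, 0x9, 0x4  # RFC 9113 frame types and flag
MAX_CONTINUATION_FRAMES = 16        # hypothetical policy limit for this example
MAX_HEADER_BLOCK_BYTES = 64 * 1024  # hypothetical policy limit for this example

def frame(ftype, flags, stream_id, payload=b""):
    """Build one HTTP/2 frame; used only to construct sample input."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, stream_id) + payload

def parse_frames(buf):
    """Yield (type, flags, stream_id, payload_len) for each complete frame in buf."""
    pos = 0
    while pos + 9 <= len(buf):
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, pos)
        length = (hi << 16) | lo
        if pos + 9 + length > len(buf):
            break  # truncated frame: a real server would wait for more bytes
        yield ftype, flags, sid & 0x7FFFFFFF, length
        pos += 9 + length

def check_header_blocks(buf):
    """Return the first violation in buf (frames after the client preface), else None."""
    open_stream, count, size = None, 0, 0
    for ftype, flags, sid, length in parse_frames(buf):
        if open_stream is None:
            if ftype == CONTINUATION:
                return "PROTOCOL_ERROR: CONTINUATION outside a header block"
            if ftype != HEADERS:
                continue
            open_stream, count, size = sid, 0, length
        else:
            if ftype != CONTINUATION or sid != open_stream:
                return "PROTOCOL_ERROR: header block interrupted"
            count, size = count + 1, size + length
        # Enforce both caps before any HPACK decoding or buffering would happen.
        if count > MAX_CONTINUATION_FRAMES:
            return "ENHANCE_YOUR_CALM: too many CONTINUATION frames"
        if size > MAX_HEADER_BLOCK_BYTES:
            return "ENHANCE_YOUR_CALM: header block too large"
        if flags & END_HEADERS:
            open_stream = None
    return None

if __name__ == "__main__":
    # Constructed sample: one header block split across three frames
    # (payload bytes are placeholders, not valid HPACK).
    ok = frame(HEADERS, 0, 1, b"a") + frame(CONTINUATION, 0, 1, b"b") \
        + frame(CONTINUATION, END_HEADERS, 1, b"c")
    print(check_header_blocks(ok))
```

The payload size counted for HEADERS includes any padding and priority fields, so the byte cap is an upper bound on the encoded header block rather than an exact figure.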

Usage

Start the vulnerable Go server:

cd vulnerable-go-server
docker build -t vulnerable-go-server .
docker run -p 8000:8000 -d vulnerable-go-server 

Install the required prerequisites:

pip install h2

Execute the Proof of Concept:

python3 poc.py

Affected CVEs

  • CVE-2024-27983
  • CVE-2024-27919
  • CVE-2024-2758
  • CVE-2024-2653
  • CVE-2023-45288
  • CVE-2024-28182
  • CVE-2024-27316
  • CVE-2024-31309
  • CVE-2024-30255
