CVE-2024-2758

Name of the Vulnerable Software and Affected Versions Tempesta (affected versions not specified)

Description The issue is related to a firewall vulnerability in the implementation of the HTTP/2 protocol, specifically concerning the handling of CONTINUATION frames. This can lead to an uncontrolled consumption of resources due to incorrect detection of the end of a header. An attacker could exploit this to cause a denial of service. The rate limits in Tempesta FW are not enabled by default and may be set either too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.