Name of the Vulnerable Software and Affected Versions amphp/http-client versions 4.0.0-rc10 through 4.0.0

Description The issue affects early versions of amphp/http-client with HTTP/2 support, causing the collection of HTTP/2 CONTINUATION frames in an unbounded buffer. This occurs because the header size limit is not checked until the END HEADERS flag is received, resulting in an Out-of-Memory (OOM) crash.

Recommendations For amphp/http-client versions 4.0.0-rc10 through 4.0.0, update to version 4.1.0-rc1 or later and ensure you also have an updated version of amphp/http for HTTP/2 processing.