GCP-2024-023

Google Cloud Platform Security Advisory

Published: 2024-04-24

Description


The following CVEs expose Anthos Service Mesh to exploitable vulnerabilities:

  • CVE-2024-27919: HTTP/2: memory exhaustion due to CONTINUATION frame flood.
  • CVE-2024-30255: HTTP/2: CPU exhaustion due to CONTINUATION frame flood.
  • CVE-2024-32475: Abnormal termination when using ‘auto_sni’ with ‘:authority’ header longer than 255 characters.
  • CVE-2023-45288: HTTP/2 CONTINUATION frames can be utilized for DoS attacks.

For instructions and more details, see the Anthos Service Mesh security bulletin.

Severity: High
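
A defensive check for the CONTINUATION-flood pattern named in the CVEs above, added here as an example; it is not code from Google, Envoy or Go. It walks decrypted HTTP/2 frame bytes (one direction, after the connection preface) and reports header blocks that keep growing without END_HEADERS. The limits, function names and sample bytes are assumptions made for this example.

```python
import struct

HEADERS, PUSH_PROMISE, CONTINUATION = 0x1, 0x5, 0x9   # RFC 9113 frame types
END_HEADERS = 0x4                                      # RFC 9113 flag
# Assumed limits for this example; align them with your proxy's header limits.
MAX_CONTINUATION_FRAMES = 16
MAX_HEADER_BLOCK_BYTES = 64 * 1024

def iter_frames(buf):
    """Yield (type, flags, stream_id, payload_length) per complete frame."""
    off = 0
    while off + 9 <= len(buf):
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, off)
        length = (hi << 16) | lo
        if off + 9 + length > len(buf):
            break  # truncated capture
        yield ftype, flags, sid & 0x7FFFFFFF, length
        off += 9 + length

def audit_header_blocks(buf, max_frames=MAX_CONTINUATION_FRAMES,
                        max_bytes=MAX_HEADER_BLOCK_BYTES):
    """Return [(stream_id, reason, continuation_count, block_bytes), ...]."""
    findings, block = [], None  # block = [stream_id, continuations, bytes]
    for ftype, flags, sid, length in iter_frames(buf):
        if ftype in (HEADERS, PUSH_PROMISE):
            # Payload length is an upper bound: it includes padding/priority.
            block = None if flags & END_HEADERS else [sid, 0, length]
        elif ftype == CONTINUATION and block and block[0] == sid:
            block[1] += 1
            block[2] += length
            reason = ("continuation-count" if block[1] > max_frames else
                      "header-block-bytes" if block[2] > max_bytes else None)
            if reason:
                findings.append((sid, reason, block[1], block[2]))
                block = None  # report once; an endpoint would close the connection
            elif flags & END_HEADERS:
                block = None
    return findings

def frame(ftype, flags, sid, payload):
    """Encode one frame (used only to build the constructed sample below)."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, sid) + payload

# Constructed sample: stream 1 ends its header block normally; stream 3 never does.
SAMPLE = (frame(HEADERS, 0, 1, b"\x82") + frame(CONTINUATION, END_HEADERS, 1, b"\x86")
          + frame(HEADERS, 0, 3, b"\x82") + frame(CONTINUATION, 0, 3, b"\x86") * 20)

if __name__ == "__main__":
    for finding in audit_header_blocks(SAMPLE):
        print(finding)
```

The frame-count limit covers streams of tiny or empty CONTINUATION frames (the CPU-exhaustion case), and the byte limit covers large accumulated header blocks (the memory-exhaustion case).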
