{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T20:23:05.408","vulnerabilities":[{"cve":{"id":"CVE-2024-2653","sourceIdentifier":"cret@cert.org","published":"2024-04-03T18:15:07.317","lastModified":"2026-06-17T07:24:58.423","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash."},{"lang":"es","value":"amphp/http recopilará cuadros de CONTINUACIÓN en un búfer ilimitado y no verificará un límite hasta que haya recibido el indicador END_HEADERS establecido, lo que provocará un bloqueo de OOM."}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"AMPHP","product":"amphp/http-client","versions":[{"version":"v4.0.0-rc10","lessThanOrEqual":"4.0.0","versionType":"custom","status":"affected"}]},{"vendor":"AMPHP","product":"amphp/http","versions":[{"version":"2.0.0-beta.1","lessThanOrEqual":"2.1.0","versionType":"custom","status":"affected"}]},{"vendor":"AMPHP","product":"amphp/http","versions":[{"version":"v1.6.0-rc1","lessThanOrEqual":"1.7.2","versionType":"custom","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"amphp","product":"http-client","defaultStatus":"affected","cpes":["cpe:2.3:a:amphp:http-client:*:*:*:*:*:*:*:*"],"versions":[{"version":"v4.0.0-rc10","lessThanOrEqual":"4.0.0","versionType":"custom","status":"affected"}]},{"vendor":"amphp","product":"http","defaultStatus":"affected","cpes":["cpe:2.3:a:amphp:http:*:*:*:*:*:*:*:*"],"versions":[{"version":"2.0.0-beta1","lessThanOrEqual":"2.1.0","versionType":"custom","status":"affected"}]},{"vendor":"amphp","product":"http","defaultStatus":"affected","cpes":["cpe:2.3:a:amphp:http:*:*:*:*:*:*:*:*"],"versions":[{"version":"v1.6.0-rc1","lessThanOrEqual":"1.7.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-06T16:35:51.687001Z","id":"CVE-2024-2653","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"http://www.openwall.com/lists/oss-security/2024/04/03/16","source":"cret@cert.org"},{"url":"https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4","source":"cret@cert.org"},{"url":"https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm","source":"cret@cert.org"},{"url":"http://www.openwall.com/lists/oss-security/2024/04/03/16","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/421644","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}