CVE-2024-2653

amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt