CVE-2024-27316: HTTP/2 CONTINUATION frames without the END_HEADERS flag set can be sent in a continuous stream by an attacker to an Apache Httpd implementation, which will not properly terminate the request early.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=088cdf9b01886b180d1807674608c7da366be8a1 commit 088cdf9b01886b180d1807674608c7da366be8a1 Author: Hans de Graaff <graaff@gentoo.org> AuthorDate: 2024-04-05 06:59:44 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-04-05 07:00:24 +0000 www-servers/apache: add 2.4.59 Bug: https://bugs.gentoo.org/928540 Signed-off-by: Hans de Graaff <graaff@gentoo.org> www-servers/apache/Manifest | 2 + www-servers/apache/apache-2.4.59.ebuild | 252 ++++++++++++++++++++++++++++++++ 2 files changed, 254 insertions(+)