What is CVE-2024-2758?

CVE-2024-2758 is a vulnerability in Tempesta Fw, classified under CWE-1188: INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT. Published 2024-04-03.

Is CVE-2024-2758 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Tempesta Fw

CVE-2024-2758

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.

EPSS: 0.728 (99.4th percentile) — read the EPSS interpretation.

Affected products

Tempesta Fw — versions 0.7.0

Public proof-of-concept exploits

Ampferl/poc_
DrewskyDev/H2Flood
Vos68/HTTP2-Continuation-Flood-PoC

References

github.com/tempesta-tech/tempesta/security/advisories/GHSA-3xwj-5ch3-q9p4
www.kb.cert.org/vuls/id/421644
www.openwall.com/lists/oss-security/2024/04/03/16

Frequently asked questions

What is CVE-2024-2758?: CVE-2024-2758 is a vulnerability in Tempesta Fw, classified under CWE-1188: INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT. Published 2024-04-03.
Is CVE-2024-2758 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.