{"uuid": "3c6b955f-0f67-497e-8dc2-9a7044a4c2b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27983", "type": "seen", "source": "https://t.me/arpsyndicate/4433", "content": "#ExploitObserverAlert\n\nCVE-2024-27983\n\nDESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2024-27983. An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.\n\nFIRST-EPSS: 0.000000000", "creation_timestamp": "2024-04-10T11:35:37.000000Z"}