CVE-2024-34750

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-34750
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34750.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-34750
Aliases
Downstream
Related
Published
2024-07-03T20:15:04.083Z
Modified
2026-03-14T12:34:06.782951Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.

The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Introduced
16bf392c67833ad549733b58c350ff92b5ee782a
Fixed
65977c7d1da9b6016e2b19de06c3be7373f40859
Introduced
e9d17cddc285615807ec5fef09240777436b25dc
Fixed
a0038178b617423537dc66b2f516c53da7093421
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
59c81e30e2f64f5e8c1db78c4860c51850dfb0bd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
06d0e42e6cd70aae860f164c27d16bdfdfcdc496
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ae109f6248e00a1952f706d6941ff930ad4466e1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5a67c7c58d8caf24969093e6423b7f0b43df2f6a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
de45b3f200602b98cde70debe7f656bef0bb5fa2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9108a1f6776f7211f5cd27e80b7b5a6e98116b01
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a22029c7147b83e4fbced16add744903245d1147
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ca6ea22e9b6c47df1db85e9af80f80431c3ea19e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
110bc36637569f7e9d191d21ac8600a8667cfc94
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
eee0dbb29048a60ee2c85ebcb9abb1750046c0bf
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
19e301275f23056e3c46ab296c87cf6e16fbe68f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4b03c23ad60e678c1d1a85df815fb6cd8d14ca67
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c400bf727cbc10198d3f52c29849d18660050b0c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8afe2647d7801172cc304f4a47d8aad9646d2985
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3b6de549bdf4f6486c39daa0ae8e4d4b7475b1f6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
06977fbea3c82c3d29e544203983dd3b49a632f1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9ce010463a93138d596c54c67b11cdb35fc8244a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
eb9d5f0b70a1b84fa18af30eaf358cfa9e4b87ae
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
434400d882a20e12ea03855f4bd93451bd3362c6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
de714a23642a4d0baef342db6762a7f7a550d82c
Database specific 
{
    "versions": [
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.0.90"
        },
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.25"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.0-milestone9"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34750.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9"
            }
        ]
    }
]