2024 HTTP/2 CONTINUATION Flood A class of vulnerabilities I discovered and worked on in Q1 of 2024. Affects multiple HTTP/2 implementations: amphp/http (CVE-2024-2653), Apache HTTP Server (httpd) (CVE-2024-27316), Apache Tomcat (CVE-2024-24549), Apache Traffic Server (CVE-2024-31309), Envoy proxy (CVE-2024-27919, CVE-2024-30255), Golang (CVE-2023-45288), nghttp2 (CVE-2024-28182), Node.js (CVE-2024-27983), Tempesta FW (CVE-2024-2758) and more. 2023 Vulnerabilities connected to net/textproto.Re...| nowotarski.info