Internet Protocol | Breaking Cybersecurity News | The Hacker News

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed  HTTP/2 CONTINUATION Flood  by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. "Many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream," CERT/CC  said  in an advisory on April 3, 2024. "An attacker that can send packets to a target server can send a stream of CONTINUATION frames that will not be appended to the header list in memory but will still be processed and decoded by the server or will be appended to the header list, causing an out of memory (OOM) crash." Like in HTTP/1, HTTP/2 uses header fields within requests and responses. These  header fields  can comprise header lists, which in turn, are serialized and broken into  header blo...