CVE-2022-24668: 
Swift vulnerability analysis and mitigation

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This vulnerability affects all swift-nio-http2 versions from 1.0.0 to 1.19.1, with the fix implemented in version 1.19.2. The vulnerability was discovered through automated fuzzing by oss-fuzz and was disclosed in February 2022 (GitHub Advisory).

The vulnerability stems from a logical error in the code that occurs after frame parsing but before frame handling. While ORIGIN and ALTSVC frames are not supported by swift-nio-http2 and should be ignored, a deliberate trap was left in one code path from the original development process. The vulnerability has been assigned a CVSS v3.1 score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network vector attack with low complexity and no required privileges or user interaction (GitHub Advisory).

The impact on availability is severe, as receiving the malicious frame immediately crashes the server, resulting in dropped connections and requiring service restart. While the attack doesn't directly compromise confidentiality or integrity, the sudden process crashes could potentially lead to violations of service invariants, which might create additional security risks. The attack requires minimal resources to execute but can achieve substantial denial of service through repeated frame sending (GitHub Advisory).

The vulnerability has been fixed in version 1.19.2 by rewriting the parsing code to correctly handle the condition. For systems unable to update immediately, the risk can be mitigated by preventing untrusted peers from communicating with the service, though this mitigation strategy may not be feasible for many services (GitHub Advisory).