VYPR
Critical severity10.0NVD Advisory· Published Jan 12, 2016· Updated Jun 17, 2026

CVE-2015-8659

CVE-2015-8659

Description

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Nghttp2/Nghttp22 versions
    cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*range: <=1.5.0
    • (no CPE)range: <1.6.0
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=9.2.1
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <=10.11.3
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    Range: <=9.1
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    Range: <=2.1

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.