Critical severity9.8NVD Advisory· Published Apr 2, 2017· Updated Jun 17, 2026
CVE-2017-2428
CVE-2017-2428
Description
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=10.1.1
- (no CPE)range: <10.2
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <=3.1.3
- (no CPE)range: <3.2
- Range: <10.12.4
- Range: <10.3
Patches
Vulnerability mechanics
References
7- www.securityfocus.com/bid/97146nvdThird Party AdvisoryVDB Entry
- github.com/nghttp2/nghttp2/releases/tag/v1.17.0nvdThird Party Advisory
- support.apple.com/HT207601nvdVendor Advisory
- support.apple.com/HT207602nvdVendor Advisory
- support.apple.com/HT207615nvdVendor Advisory
- support.apple.com/HT207617nvdVendor Advisory
- www.securitytracker.com/id/1038138nvd
News mentions
0No linked articles in our index yet.