High severity7.5NVD Advisory· Published Apr 12, 2018· Updated Jun 17, 2026

CVE-2018-0956

Description

A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

Affected products

Microsoft/Windows 10llm-fuzzy
Microsoft/Windows Server 2016llm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: (Server Core installation)
Microsoft/Windows 10 1909cpe-rescue
Range: 32-bit Systems
Microsoft/Windows Server 2003cpe-rescue
Range: version 1709 (Server Core Installation)

Patches

Vulnerability mechanics

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0956nvdPatchVendor Advisory
www.securityfocus.com/bid/103650nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040661nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000