VYPR

rpm package

almalinux/nghttp2

pkg:rpm/almalinux/nghttp2

Vulnerabilities (4)

  • CVE-2026-27135HigMar 18, 2026
    affected < 1.64.0-2.el10_1.1fixed 1.64.0-2.el10_1.1

    nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the ap

  • CVE-2024-28182Apr 4, 2024
    affected < 1.43.0-5.el9_4.3fixed 1.43.0-5.el9_4.3

    nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usag

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.33.0-5.el8_8fixed 1.33.0-5.el8_8

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2020-11080Jun 3, 2020
    affected < 1.33.0-3.el8_2.1fixed 1.33.0-3.el8_2.1

    In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T