VYPR

rpm package

opensuse/nghttp2-python&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/nghttp2-python&distro=openSUSE%20Leap%2015.4

Vulnerabilities (2)

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.40.0-150200.12.1fixed 1.40.0-150200.12.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-35945Jul 13, 2023
    affected < 1.40.0-150200.9.1fixed 1.40.0-150200.9.1

    Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due t