rpm package
suse/nghttp2&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
pkg:rpm/suse/nghttp2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | Hig | 7.5 | KEV | < 1.40.0-150000.3.17.1 | 1.40.0-150000.3.17.1 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-35945 | — | < 1.40.0-150000.3.14.1 | 1.40.0-150000.3.14.1 | Jul 13, 2023 | Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due t | ||
| CVE-2020-11080 | — | < 1.40.0-3.11.1 | 1.40.0-3.11.1 | Jun 3, 2020 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T |
- affected < 1.40.0-150000.3.17.1fixed 1.40.0-150000.3.17.1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2023-35945Jul 13, 2023affected < 1.40.0-150000.3.14.1fixed 1.40.0-150000.3.14.1
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due t
- CVE-2020-11080Jun 3, 2020affected < 1.40.0-3.11.1fixed 1.40.0-3.11.1
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T