VYPR

rpm package

suse/nghttp2&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

pkg:rpm/suse/nghttp2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Vulnerabilities (2)

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.40.0-150200.12.1fixed 1.40.0-150200.12.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-35945Jul 13, 2023
    affected < 1.40.0-150200.9.1fixed 1.40.0-150200.9.1

    Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due t