VYPR

rpm package

suse/nghttp2&distro=SUSE Linux Enterprise Module for Basesystem 15 SP4

pkg:rpm/suse/nghttp2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Vulnerabilities (2)

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.40.0-150200.12.1fixed 1.40.0-150200.12.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-35945Jul 13, 2023
    affected < 1.40.0-150200.9.1fixed 1.40.0-150200.9.1

    Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due t