rpm package
suse/nghttp2&distro=SUSE Linux Enterprise Server 12 SP2-LTSS
pkg:rpm/suse/nghttp2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11080 | — | < 1.39.2-3.5.1 | 1.39.2-3.5.1 | Jun 3, 2020 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T | ||
| CVE-2016-1544 | — | < 1.39.2-3.5.1 | 1.39.2-3.5.1 | Feb 6, 2020 | nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | ||
| CVE-2019-9513 | — | < 1.39.2-3.5.1 | 1.39.2-3.5.1 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consu | ||
| CVE-2019-9511 | — | < 1.39.2-3.5.1 | 1.39.2-3.5.1 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and | ||
| CVE-2018-1000168 | — | < 1.39.2-3.5.1 | 1.39.2-3.5.1 | May 8, 2018 | nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability ap |
- CVE-2020-11080Jun 3, 2020affected < 1.39.2-3.5.1fixed 1.39.2-3.5.1
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T
- CVE-2016-1544Feb 6, 2020affected < 1.39.2-3.5.1fixed 1.39.2-3.5.1
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
- CVE-2019-9513Aug 13, 2019affected < 1.39.2-3.5.1fixed 1.39.2-3.5.1
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consu
- CVE-2019-9511Aug 13, 2019affected < 1.39.2-3.5.1fixed 1.39.2-3.5.1
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and
- CVE-2018-1000168May 8, 2018affected < 1.39.2-3.5.1fixed 1.39.2-3.5.1
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability ap