Swift package
github.com/apple/swift-nio-http2
pkg:swift/github.com/apple/swift-nio-http2
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | Hig | 7.5 | KEV | < 1.28.0 | 1.28.0 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2022-0618 | — | >= 1.0.0, < 1.20 | 1.20 | Mar 9, 2022 | A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padd | ||
| CVE-2022-24668 | — | >= 1.0.0, < 1.19.2 | 1.19.2 | Feb 9, 2022 | A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but bef | ||
| CVE-2022-24667 | — | >= 1.0.0, < 1.19.2 | 1.19.2 | Feb 9, 2022 | A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the | ||
| CVE-2022-24666 | — | >= 1.0.0, < 1.19.2 | 1.19.2 | Feb 9, 2022 | A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HT |
- affected < 1.28.0fixed 1.28.0
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2022-0618Mar 9, 2022affected >= 1.0.0, < 1.20fixed 1.20
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padd
- CVE-2022-24668Feb 9, 2022affected >= 1.0.0, < 1.19.2fixed 1.19.2
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but bef
- CVE-2022-24667Feb 9, 2022affected >= 1.0.0, < 1.19.2fixed 1.19.2
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the
- CVE-2022-24666Feb 9, 2022affected >= 1.0.0, < 1.19.2fixed 1.19.2
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HT