CVE search results

1 – 10 of 11 results

Detailed view

Sort by:

CVE-2024-28182

Medium priority

Fixed

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep...

1 affected packages

nghttp2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nghttp2	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2023-44487

High priority

Some fixes available 18 of 56

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

13 affected packages

dotnet6, dotnet7, dotnet8, h2o, haproxy...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
dotnet6	Not in release	Fixed	Not in release	Not in release	Not in release
dotnet7	Not in release	Fixed	Not in release	Not in release	Not in release
dotnet8	Fixed	Not affected	Not in release	Not in release	Not in release
h2o	Not affected	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
haproxy	Not affected	Not affected	Not affected	Fixed	Not affected
netty	Not affected	Fixed	Fixed	Not affected	Not affected
nghttp2	Not affected	Fixed	Fixed	Fixed	Fixed
nginx	Not affected	Not affected	Not affected	Not affected	Not affected
nodejs	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tomcat10	Needs evaluation	Not in release	Not in release	Ignored	Ignored
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
trafficserver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-0326

Low priority

Needs evaluation

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

5 affected packages

cargo, groonga, h2o, mruby, nghttp2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cargo	Not in release	Not affected	Not affected	Not affected	Not affected
groonga	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
h2o	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
mruby	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
nghttp2	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2022-0240

Low priority

Needs evaluation

mruby is vulnerable to NULL Pointer Dereference

5 affected packages

cargo, groonga, h2o, mruby, nghttp2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cargo	Not in release	Not affected	Not affected	Not affected	Not affected
groonga	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
h2o	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
mruby	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
nghttp2	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2020-11080

Medium priority

Some fixes available 3 of 10

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400...

2 affected packages

nghttp2, nodejs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nghttp2	Not affected	Not affected	Fixed	Fixed	Fixed
nodejs	Needs evaluation	Not affected	Not affected	Not affected	Not affected

CVE-2016-1544

Unknown priority

Ignored

nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).

1 affected packages

nghttp2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nghttp2	—	—	—	—	Not affected

CVE-2019-9513

Medium priority

Some fixes available 15 of 25

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes...

3 affected packages

nghttp2, nginx, nodejs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nghttp2	Not affected	Not affected	Not affected	Fixed	Fixed
nginx	Fixed	Fixed	Fixed	Fixed	Fixed
nodejs	Not affected	Not affected	Not affected	Ignored	Ignored

CVE-2019-9511

Medium priority

Some fixes available 15 of 25

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over...

3 affected packages

nghttp2, nginx, nodejs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nghttp2	Not affected	Not affected	Not affected	Fixed	Fixed
nginx	Fixed	Fixed	Fixed	Fixed	Fixed
nodejs	Not affected	Not affected	Not affected	Ignored	Ignored

CVE-2018-1000168

Medium priority

Some fixes available 1 of 2

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to...

1 affected packages

nghttp2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nghttp2	—	—	—	Fixed	Not affected

CVE-2017-2428

Medium priority

Ignored

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the...

1 affected packages

nghttp2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nghttp2	—	—	—	—	Not affected

Export to JSON

Results by page:

Search CVE reports