VulnerableCode Package Details - pkg:deb/debian/nghttp2@1.43.0-1%2Bdeb11u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-gv39-q6pw-yfh4 Aliases: CVE-2026-27135	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination	1.68.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-gv39-q6pw-yfh4
Aliases:
CVE-2026-27135

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

1.68.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-17k5-vadp-4kby	nghttp2: overly large SETTINGS frames can lead to DoS	CVE-2020-11080
VCID-5781-s1ny-q7ey		CVE-2023-44487 GHSA-2m7v-gc89-fjqf GHSA-qppj-fm5r-hxr3 GHSA-vx74-f528-fxqg GHSA-xpw8-rcwv-8f8p GMS-2023-3377 VSV00013
VCID-94sx-qnsn-5ucm	Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service.	CVE-2024-28182
VCID-9hzg-r1fj-pubf	Excessive CPU usage in HTTP/2 with priority changes	CVE-2019-9513
VCID-d26w-y23c-q7d1	Nghttp2 is vulnerable to a heap-use-after-free flaw in idle stream handling code.	CVE-2015-8659
VCID-dmv4-ydq9-a7eq	Excessive CPU usage in HTTP/2 with small window updates	CVE-2019-9511
VCID-gbnt-abha-47eu	Nghttp2 is vulnerable to a Denial of Service attack.	CVE-2016-1544
VCID-gcuf-2uct-ykcu	nghttp2: Null pointer dereference when too large ALTSVC frame is received	CVE-2018-1000168

Vulnerability

Summary

Aliases

VCID-17k5-vadp-4kby

nghttp2: overly large SETTINGS frames can lead to DoS

CVE-2020-11080

VCID-5781-s1ny-q7ey

CVE-2023-44487
GHSA-2m7v-gc89-fjqf
GHSA-qppj-fm5r-hxr3
GHSA-vx74-f528-fxqg
GHSA-xpw8-rcwv-8f8p
GMS-2023-3377
VSV00013

VCID-94sx-qnsn-5ucm

Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service.

CVE-2024-28182

VCID-9hzg-r1fj-pubf

Excessive CPU usage in HTTP/2 with priority changes

CVE-2019-9513

VCID-d26w-y23c-q7d1

Nghttp2 is vulnerable to a heap-use-after-free flaw in idle stream handling code.

CVE-2015-8659

VCID-dmv4-ydq9-a7eq

Excessive CPU usage in HTTP/2 with small window updates

CVE-2019-9511

VCID-gbnt-abha-47eu

Nghttp2 is vulnerable to a Denial of Service attack.

CVE-2016-1544

VCID-gcuf-2uct-ykcu

nghttp2: Null pointer dereference when too large ALTSVC frame is received

CVE-2018-1000168

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:01:01.448921+00:00	Debian Importer	Fixing	VCID-94sx-qnsn-5ucm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:34:44.993203+00:00	Debian Importer	Fixing	VCID-d26w-y23c-q7d1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:23:05.546281+00:00	Debian Importer	Fixing	VCID-gcuf-2uct-ykcu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:50:56.857663+00:00	Debian Importer	Fixing	VCID-gbnt-abha-47eu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:32:22.280785+00:00	Debian Importer	Fixing	VCID-9hzg-r1fj-pubf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:18:17.220673+00:00	Debian Importer	Fixing	VCID-dmv4-ydq9-a7eq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:44:33.776605+00:00	Debian Importer	Fixing	VCID-5781-s1ny-q7ey	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:42:57.602248+00:00	Debian Importer	Fixing	VCID-17k5-vadp-4kby	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:56:42.959812+00:00	Debian Importer	Fixing	VCID-94sx-qnsn-5ucm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:36:54.001286+00:00	Debian Importer	Fixing	VCID-d26w-y23c-q7d1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:28:26.218671+00:00	Debian Importer	Fixing	VCID-gcuf-2uct-ykcu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:05:15.849713+00:00	Debian Importer	Fixing	VCID-gbnt-abha-47eu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:51:56.870834+00:00	Debian Importer	Fixing	VCID-9hzg-r1fj-pubf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:41:30.944999+00:00	Debian Importer	Fixing	VCID-dmv4-ydq9-a7eq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:30:11.032930+00:00	Debian Importer	Fixing	VCID-5781-s1ny-q7ey	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:51:23.257417+00:00	Debian Importer	Fixing	VCID-17k5-vadp-4kby	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:00.078230+00:00	Debian Importer	Affected by	VCID-gv39-q6pw-yfh4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:47:00.026694+00:00	Debian Importer	Fixing	VCID-94sx-qnsn-5ucm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.977159+00:00	Debian Importer	Fixing	VCID-5781-s1ny-q7ey	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.929706+00:00	Debian Importer	Fixing	VCID-17k5-vadp-4kby	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.888274+00:00	Debian Importer	Fixing	VCID-9hzg-r1fj-pubf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.847502+00:00	Debian Importer	Fixing	VCID-dmv4-ydq9-a7eq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.799894+00:00	Debian Importer	Fixing	VCID-gcuf-2uct-ykcu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.750269+00:00	Debian Importer	Fixing	VCID-gbnt-abha-47eu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.706848+00:00	Debian Importer	Fixing	VCID-d26w-y23c-q7d1	https://security-tracker.debian.org/tracker/data/json	38.1.0