VulnerableCode Package Details - pkg:deb/debian/nghttp2@1.52.0-1%2Bdeb12u2?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-gv39-q6pw-yfh4 Aliases: CVE-2026-27135	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination	1.68.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-gv39-q6pw-yfh4
Aliases:
CVE-2026-27135

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

1.68.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-17k5-vadp-4kby	nghttp2: overly large SETTINGS frames can lead to DoS	CVE-2020-11080
VCID-5781-s1ny-q7ey		CVE-2023-44487 GHSA-2m7v-gc89-fjqf GHSA-qppj-fm5r-hxr3 GHSA-vx74-f528-fxqg GHSA-xpw8-rcwv-8f8p GMS-2023-3377 VSV00013
VCID-94sx-qnsn-5ucm	Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service.	CVE-2024-28182
VCID-9hzg-r1fj-pubf	Excessive CPU usage in HTTP/2 with priority changes	CVE-2019-9513
VCID-d26w-y23c-q7d1	Nghttp2 is vulnerable to a heap-use-after-free flaw in idle stream handling code.	CVE-2015-8659
VCID-dmv4-ydq9-a7eq	Excessive CPU usage in HTTP/2 with small window updates	CVE-2019-9511
VCID-gbnt-abha-47eu	Nghttp2 is vulnerable to a Denial of Service attack.	CVE-2016-1544
VCID-gcuf-2uct-ykcu	nghttp2: Null pointer dereference when too large ALTSVC frame is received	CVE-2018-1000168

Vulnerability

Summary

Aliases

VCID-17k5-vadp-4kby

nghttp2: overly large SETTINGS frames can lead to DoS

CVE-2020-11080

VCID-5781-s1ny-q7ey

CVE-2023-44487
GHSA-2m7v-gc89-fjqf
GHSA-qppj-fm5r-hxr3
GHSA-vx74-f528-fxqg
GHSA-xpw8-rcwv-8f8p
GMS-2023-3377
VSV00013

VCID-94sx-qnsn-5ucm

Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service.

CVE-2024-28182

VCID-9hzg-r1fj-pubf

Excessive CPU usage in HTTP/2 with priority changes

CVE-2019-9513

VCID-d26w-y23c-q7d1

Nghttp2 is vulnerable to a heap-use-after-free flaw in idle stream handling code.

CVE-2015-8659

VCID-dmv4-ydq9-a7eq

Excessive CPU usage in HTTP/2 with small window updates

CVE-2019-9511

VCID-gbnt-abha-47eu

Nghttp2 is vulnerable to a Denial of Service attack.

CVE-2016-1544

VCID-gcuf-2uct-ykcu

nghttp2: Null pointer dereference when too large ALTSVC frame is received

CVE-2018-1000168

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:01:01.461386+00:00	Debian Importer	Fixing	VCID-94sx-qnsn-5ucm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:34:44.998093+00:00	Debian Importer	Fixing	VCID-d26w-y23c-q7d1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:23:05.553810+00:00	Debian Importer	Fixing	VCID-gcuf-2uct-ykcu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:50:56.862287+00:00	Debian Importer	Fixing	VCID-gbnt-abha-47eu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:32:22.285463+00:00	Debian Importer	Fixing	VCID-9hzg-r1fj-pubf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:18:17.226003+00:00	Debian Importer	Fixing	VCID-dmv4-ydq9-a7eq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:44:33.790191+00:00	Debian Importer	Fixing	VCID-5781-s1ny-q7ey	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:42:57.606964+00:00	Debian Importer	Fixing	VCID-17k5-vadp-4kby	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:56:42.973024+00:00	Debian Importer	Fixing	VCID-94sx-qnsn-5ucm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:36:54.006018+00:00	Debian Importer	Fixing	VCID-d26w-y23c-q7d1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:28:26.226751+00:00	Debian Importer	Fixing	VCID-gcuf-2uct-ykcu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:05:15.855255+00:00	Debian Importer	Fixing	VCID-gbnt-abha-47eu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:51:56.875909+00:00	Debian Importer	Fixing	VCID-9hzg-r1fj-pubf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:41:30.954163+00:00	Debian Importer	Fixing	VCID-dmv4-ydq9-a7eq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:30:11.039370+00:00	Debian Importer	Fixing	VCID-5781-s1ny-q7ey	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:51:23.262726+00:00	Debian Importer	Fixing	VCID-17k5-vadp-4kby	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:00.082133+00:00	Debian Importer	Affected by	VCID-gv39-q6pw-yfh4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:47:00.018649+00:00	Debian Importer	Fixing	VCID-94sx-qnsn-5ucm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.959899+00:00	Debian Importer	Fixing	VCID-5781-s1ny-q7ey	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.915276+00:00	Debian Importer	Fixing	VCID-17k5-vadp-4kby	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.874799+00:00	Debian Importer	Fixing	VCID-9hzg-r1fj-pubf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.833176+00:00	Debian Importer	Fixing	VCID-dmv4-ydq9-a7eq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.780357+00:00	Debian Importer	Fixing	VCID-gcuf-2uct-ykcu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.735884+00:00	Debian Importer	Fixing	VCID-gbnt-abha-47eu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:59.691561+00:00	Debian Importer	Fixing	VCID-d26w-y23c-q7d1	https://security-tracker.debian.org/tracker/data/json	38.1.0