VulnerableCode Package Details - pkg:deb/debian/nghttp2@1.43.0-1

Search for packages

Package details: pkg:deb/debian/nghttp2@1.43.0-1

Essentials
History (3)

purl	pkg:deb/debian/nghttp2@1.43.0-1
Tags	Ghost

Next non-vulnerable version	1.52.0-1+deb12u2
Latest non-vulnerable version	1.52.0-1+deb12u2
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-6y3x-kyj7-aaaf Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.	1.43.0-1+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.58.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6y3x-kyj7-aaaf
Aliases:
CVE-2023-44487
GHSA-qppj-fm5r-hxr3
VSV00013

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

1.43.0-1+deb11u1
Affected by 1 other vulnerability.

1.58.0-1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-01-10T19:02:24.412173+00:00	Debian Importer	Fixing	VCID-1j4w-hqp4-aaah	None	34.0.0rc2
2024-01-05T09:53:28.418163+00:00	Debian Importer	Affected by	VCID-6y3x-kyj7-aaaf	None	34.0.0rc1
2024-01-04T08:31:09.976299+00:00	Debian Importer	Fixing	VCID-1j4w-hqp4-aaah	None	34.0.0rc1