VulnerableCode Package Details - pkg:deb/debian/nghttp2@1.52.0-1%2Bdeb12u2

Search for packages

Package details: pkg:deb/debian/nghttp2@1.52.0-1%2Bdeb12u2

Essentials
History (1)

purl	pkg:deb/debian/nghttp2@1.52.0-1%2Bdeb12u2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-yxm9-ukxx-j7bd	nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.	CVE-2024-28182

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T17:42:57.430371+00:00	Debian Oval Importer	Fixing	VCID-yxm9-ukxx-j7bd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0