Search for packages
| purl | pkg:deb/ubuntu/nghttp2@1.5.0-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9aqc-7kb7-aaak
Aliases: CVE-2015-8659 |
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. |
Affected by 3 other vulnerabilities. |
|
VCID-dev6-y14h-aaaf
Aliases: CVE-2016-1544 |
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). |
Affected by 3 other vulnerabilities. |
|
VCID-t7tm-t2rh-aaah
Aliases: CVE-2019-9513 |
Excessive CPU usage in HTTP/2 with priority changes |
Affected by 0 other vulnerabilities. |
|
VCID-upm8-w23e-aaab
Aliases: CVE-2018-1000168 |
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. |
Affected by 2 other vulnerabilities. |
|
VCID-vkg1-2urs-aaap
Aliases: CVE-2019-9511 |
Excessive CPU usage in HTTP/2 with small window updates |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|