Nghttp2 · Nghttp2 · CVE-2018-1000168
**Name of the Vulnerable Software and Affected Versions**
nghttp2 versions 1.10.0 through 1.31.0
**Description**
The issue is related to improper input validation in ALTSVC frame handling, which can cause a segmentation fault and lead to denial of service. This can be exploited via a network client.
**Recommendations**
For nghttp2 versions 1.10.0 through 1.31.0, update to version 1.31.1 or later to resolve the issue.