PT-2018-2562 · Nginx+4 · Nginx+4
Gal Goldshtein
Published: 2018-11-06 · Updated: 2024-10-04
CVE-2018-16844
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
nginx versions 1.14.0 through 1.14.1
nginx versions 1.15.0 through 1.15.6
Description
The issue is related to the implementation of HTTP/2 in nginx, which can lead to excessive CPU usage. This problem affects nginx compiled with the ngx_http_v2_module module, but only if the 'http2' option of the 'listen' directive is used in a configuration file. The vulnerability can be exploited by a remote attacker to cause a denial of service.
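To check the configuration condition described above, the following added example (not part of the original advisory or of nginx) scans a configuration dump for 'listen' directives that carry the 'http2' option. It assumes the input is text in the shape printed by `nginx -T`, with `# configuration file <path>:` marker lines, and that quoted strings do not span lines; the sample dump and the function name are constructed for illustration.

```python
import re

# Constructed sample in the shape of `nginx -T` output (not from a real host).
SAMPLE_DUMP = """\
# configuration file /etc/nginx/nginx.conf:
http {
    server {
        listen 80; listen 443 ssl http2;   # two directives on one line
        server_name http2.example.test;
    }
}
# configuration file /etc/nginx/conf.d/api.conf:
server {
    # listen 8443 ssl http2;
    listen [::]:9443
           ssl http2 default_server;
    add_header X-Note "listen 1 http2;";
}
"""

FILE_MARKER = re.compile(r"^# configuration file (.+):\s*$")
# One token: a quoted string, a comment to end of line, a terminator, or a word.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|#[^\n]*|[;{}]|[^\s;{}]+')

def find_http2_listeners(dump):
    """Return (file, line, directive) for each `listen` that has the http2 option."""
    findings, current, start = [], [], 0
    path, lineno = "<dump>", 0
    for raw in dump.splitlines():
        marker = FILE_MARKER.match(raw)
        if marker:  # nginx -T starts a new file here; line numbers restart
            path, lineno, current = marker.group(1), 0, []
            continue
        lineno += 1
        for tok in TOKEN.findall(raw):
            if tok.startswith("#"):
                break  # rest of the line is a comment
            if tok in (";", "{", "}"):  # end of the current directive
                if current[:1] == ["listen"] and "http2" in current[1:]:
                    findings.append((path, start, " ".join(current)))
                current = []
            else:
                start = start if current else lineno  # directives may span lines
                current.append(tok)
    return findings

if __name__ == "__main__":
    for path, line, directive in find_http2_listeners(SAMPLE_DUMP):
        print(f"{path}:{line}: {directive}")
```

To audit a real host, pass the captured text of `nginx -T` to `find_http2_listeners` in place of the sample; an empty result means no 'listen' directive enables HTTP/2.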
Recommendations
For versions 1.14.0 through 1.14.1, update to version 1.14.1 or later.
For versions 1.15.0 through 1.15.6, update to version 1.15.6 or later.
As a temporary workaround, consider disabling the ngx_http_v2_module module or removing the 'http2' option from the 'listen' directive in the configuration file until a patch is available.
Fix
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Apple macOS
Nginx
Suse
Ubuntu