PT-2018-9338 · Nghttp2+2 · Nghttp2+2

James M Snell

Publicado

2016-12-01

Atualizado

2026-05-18

CVE-2018-1000168

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions nghttp2 versions 1.10.0 through 1.31.0

Description The issue is related to improper input validation in ALTSVC frame handling, which can cause a segmentation fault and lead to denial of service. This can be exploited via a network client.

Recommendations For nghttp2 versions 1.10.0 through 1.31.0, update to version 1.31.1 or later to resolve the issue.

Correção

DoS

RCE

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-476

Identificadores relacionados

ALT-PU-2016-2380

ALT-PU-2018-1961

ALT-PU-2018-2455

ALT-PU-2018-2749

CLEANSTART-2026-BD71263

CLEANSTART-2026-IS74202

CLEANSTART-2026-JR35772

CLEANSTART-2026-JY06700

CLEANSTART-2026-KN34553

CLEANSTART-2026-KZ45320

CLEANSTART-2026-LJ44720

CLEANSTART-2026-LN12820

CLEANSTART-2026-TX00223

CLEANSTART-2026-WI75198

CVE-2018-1000168

DLA-2786-1

OPENSUSE-SU-2018_1963-1

OPENSUSE-SU-2024:11091-1

RHSA-2019:0367

SUSE-SU-2018:1918-1

SUSE-SU-2018_1918-1

SUSE-SU-2019:14246-1

SUSE-SU-2019_14246-1

SUSE-SU-2021:0932-1

Produtos afetados

Alt Linux

Suse

Nghttp2

PT-2018-9338 · Nghttp2+2 · Nghttp2+2

CVE-2018-1000168

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 406