PT-2018-9338 · Nghttp2+2 · Nghttp2+2

James M Snell

Published

2016-12-01

Updated

2026-05-18

CVE-2018-1000168

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions nghttp2 versions 1.10.0 through 1.31.0

Description The issue is related to improper input validation in ALTSVC frame handling, which can cause a segmentation fault and lead to denial of service. This can be exploited via a network client.

Recommendations For nghttp2 versions 1.10.0 through 1.31.0, update to version 1.31.1 or later to resolve the issue.

Fix

DoS

RCE

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-476

Related Identifiers

ALT-PU-2016-2380

ALT-PU-2018-1961

ALT-PU-2018-2455

ALT-PU-2018-2749

CLEANSTART-2026-BD71263

CLEANSTART-2026-IS74202

CLEANSTART-2026-JR35772

CLEANSTART-2026-JY06700

CLEANSTART-2026-KN34553

CLEANSTART-2026-KZ45320

CLEANSTART-2026-LJ44720

CLEANSTART-2026-LN12820

CLEANSTART-2026-TX00223

CLEANSTART-2026-WI75198

CVE-2018-1000168

DLA-2786-1

OPENSUSE-SU-2018_1963-1

OPENSUSE-SU-2024:11091-1

RHSA-2019:0367

SUSE-SU-2018:1918-1

SUSE-SU-2018_1918-1

SUSE-SU-2019:14246-1

SUSE-SU-2019_14246-1

SUSE-SU-2021:0932-1

Affected Products

Alt Linux

Suse

Nghttp2

PT-2018-9338 · Nghttp2+2 · Nghttp2+2

CVE-2018-1000168

Weakness Enumeration

Related Identifiers

Affected Products

References · 406