Download
| Alert*
oval:org.secpod.oval:def:58057
nghttp2 is installed oval:org.secpod.oval:def:1801574 nghttp2 is installed oval:org.secpod.oval:def:110011 nghttp2 is installed oval:org.secpod.oval:def:110190 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:89050448 This update for nghttp2 fixes the following issues: nghttp2 was update to version 1.40.0 - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static and dynami ... oval:org.secpod.oval:def:3302097 Security update for nghttp2 oval:org.secpod.oval:def:89050963 This update for nghttp2 fixes the following issues: * CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent . oval:org.secpod.oval:def:89049561 This update for nghttp2 fixes the following issues: * CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent . oval:org.secpod.oval:def:89050214 This update for nghttp2 fixes the following issues: * CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent . oval:org.secpod.oval:def:19500329 Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving 'RST_STREAM' immediately followed by the 'GOAWAY' frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the 'GO ... oval:org.secpod.oval:def:708220 nghttp2: HTTP/2 C Library and tools nghttp2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:91499 nghttp2: HTTP/2 C Library and tools nghttp2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:118366 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:2500061 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. oval:org.secpod.oval:def:66554 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer t ... oval:org.secpod.oval:def:110017 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:110010 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:2600415 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. oval:org.secpod.oval:def:94003 An update for nghttp2 is now available for Red Hat Enterprise Linux 9. oval:org.secpod.oval:def:96465 nghttp2: HTTP/2 C Library and tools nghttp2 could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:1701837 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023 oval:org.secpod.oval:def:93993 An update for nghttp2 is now available for Red Hat Enterprise Linux 8 oval:org.secpod.oval:def:19500438 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023 oval:org.secpod.oval:def:708613 nghttp2: HTTP/2 C Library and tools nghttp2 could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:96518 It was discovered that libnghttp2, a library implementing the HTTP/2 protocol, handled request cancellation incorrectly. This could result in denial of service. oval:org.secpod.oval:def:89051014 This update for nghttp2 fixes the following issues: * CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack oval:org.secpod.oval:def:1507148 [1.43.0-5.1] - fix HTTP/2 Rapid Reset oval:org.secpod.oval:def:89051009 This update for nghttp2 fixes the following issues: * CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack oval:org.secpod.oval:def:126325 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:89051127 This update for nghttp2 fixes the following issues: * CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack oval:org.secpod.oval:def:89051717 This update for nghttp2 fixes the following issues: * CVE-2024-28182: Fixed denial of service via http/2 continuation frames oval:org.secpod.oval:def:89051729 This update for nghttp2 fixes the following issues: * CVE-2024-28182: Fixed denial of service via http/2 continuation frames oval:org.secpod.oval:def:1902564 The client creates multiple request streams and continually shuffles the priority of the streams in a way which causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a Denial-of-Service. Also known as "HTTP/2 Resource Loop / Priority Shuffling". oval:org.secpod.oval:def:89050643 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service . - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and ... oval:org.secpod.oval:def:1601061 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:114295 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:1902570 The client can request a large amount of data from a specified resource over multiple streams. It can manipulate window sizes and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, po ... oval:org.secpod.oval:def:1700043 nghttp2 version gt;= 1.10.0 and nghttp2 lt;= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have be ... |