Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1000168

Опубликовано: 08 мая 2018
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*
Версия от 1.10.0 (включая) до 1.31.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 6.0.0 (включая) до 6.8.1 (включая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Версия от 8.4.0 (включая) до 8.17.0 (включая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.11.2 (включая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 10.0.0 (включая) до 10.4.1 (исключая)
Конфигурация 3
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06709
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20
CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2018-1000168

CVSS3: 7.5
ubuntu
около 7 лет назад

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

redhat логотип

CVE-2018-1000168

CVSS3: 5.9
redhat
около 7 лет назад

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

msrc логотип

CVE-2018-1000168

CVSS3: 7.5
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-1000168

CVSS3: 7.5
debian
около 7 лет назад

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper ...

github логотип

GHSA-q6fc-wp2r-hvq3

CVSS3: 7.5
github
около 3 лет назад

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

EPSS

Процентиль: 91%
0.06709
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20
CWE-476