Количество 19
Количество 19
CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
CVE-2024-28182
CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...
SUSE-SU-2024:1167-1
Security update for nghttp2
SUSE-SU-2024:1156-1
Security update for nghttp2
RLSA-2024:4252
Moderate: nghttp2 security update
RLSA-2024:3501
Moderate: nghttp2 security update
ELSA-2024-4252
ELSA-2024-4252: nghttp2 security update (MODERATE)
ELSA-2024-3501
ELSA-2024-3501: nghttp2 security update (MODERATE)
BDU:2024-02691
Уязвимость библиотеки nghttp2, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
ROS-20240507-08
Уязвимость nghttp2
RLSA-2024:2910
Important: nodejs security update
ELSA-2024-2910
ELSA-2024-2910: nodejs security update (IMPORTANT)
ELSA-2024-2853
ELSA-2024-2853: nodejs:20 security update (IMPORTANT)
ELSA-2024-2780
ELSA-2024-2780: nodejs:18 security update (IMPORTANT)
ELSA-2024-2779
ELSA-2024-2779: nodejs:18 security update (IMPORTANT)
ELSA-2024-2778
ELSA-2024-2778: nodejs:20 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability. | CVSS3: 5.3 | 19% Средний | больше 1 года назад |
 | CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability. | CVSS3: 5.3 | 19% Средний | больше 1 года назад |
 | CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability. | CVSS3: 5.3 | 19% Средний | больше 1 года назад |
 | CVSS3: 5.3 | 19% Средний | 12 месяцев назад | |
| CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol versio ... | CVSS3: 5.3 | 19% Средний | больше 1 года назад |
 | SUSE-SU-2024:1167-1 Security update for nghttp2 | 19% Средний | больше 1 года назад | |
| SUSE-SU-2024:1156-1 Security update for nghttp2 | 19% Средний | больше 1 года назад | |
 | RLSA-2024:4252 Moderate: nghttp2 security update | 19% Средний | 3 месяца назад | |
| RLSA-2024:3501 Moderate: nghttp2 security update | 19% Средний | около 1 года назад | |
| ELSA-2024-4252 ELSA-2024-4252: nghttp2 security update (MODERATE) | около 1 года назад | ||
| ELSA-2024-3501 ELSA-2024-3501: nghttp2 security update (MODERATE) | около 1 года назад | ||
 | BDU:2024-02691 Уязвимость библиотеки nghttp2, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.3 | 19% Средний | больше 1 года назад |
 | ROS-20240507-08 Уязвимость nghttp2 | CVSS3: 5.3 | 19% Средний | больше 1 года назад |
| RLSA-2024:2910 Important: nodejs security update | около 1 года назад | ||
| ELSA-2024-2910 ELSA-2024-2910: nodejs security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-2853 ELSA-2024-2853: nodejs:20 security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-2780 ELSA-2024-2780: nodejs:18 security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-2779 ELSA-2024-2779: nodejs:18 security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-2778 ELSA-2024-2778: nodejs:20 security update (IMPORTANT) | около 1 года назад |
Уязвимостей на страницу