Количество 32
Количество 32
CVE-2026-27135
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.
CVE-2026-27135
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.
CVE-2026-27135
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.
CVE-2026-27135
nghttp2 Denial of service: Assertion failure due to the missing state validation
CVE-2026-27135
nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...
openSUSE-SU-2026:20413-1
Security update for nghttp2
SUSE-SU-2026:1350-1
Security update for nghttp2
SUSE-SU-2026:1247-1
Security update for nghttp2
SUSE-SU-2026:1074-1
Security update for nghttp2
SUSE-SU-2026:1056-1
Security update for nghttp2
RLSA-2026:7668
Important: nghttp2 security update
RLSA-2026:7667
Important: nghttp2 security update
RLSA-2026:7666
Important: nghttp2 security update
ELSA-2026-7668
ELSA-2026-7668: nghttp2 security update (IMPORTANT)
ELSA-2026-7667
ELSA-2026-7667: nghttp2 security update (IMPORTANT)
ELSA-2026-7666
ELSA-2026-7666: nghttp2 security update (IMPORTANT)
RLSA-2026:8339
Important: nodejs:20 security update
RLSA-2026:7896
Important: nodejs:20 security update
ELSA-2026-8339
ELSA-2026-8339: nodejs:20 security update (IMPORTANT)
ELSA-2026-7896
ELSA-2026-7896: nodejs:20 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-27135 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available. | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | CVE-2026-27135 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available. | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | CVE-2026-27135 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available. | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
| CVE-2026-27135 nghttp2 is an implementation of the Hypertext Transfer Protocol versio ... | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | openSUSE-SU-2026:20413-1 Security update for nghttp2 | 0% Низкий | около 1 месяца назад | |
| SUSE-SU-2026:1350-1 Security update for nghttp2 | 0% Низкий | 21 день назад | |
| SUSE-SU-2026:1247-1 Security update for nghttp2 | 0% Низкий | 26 дней назад | |
| SUSE-SU-2026:1074-1 Security update for nghttp2 | 0% Низкий | около 1 месяца назад | |
| SUSE-SU-2026:1056-1 Security update for nghttp2 | 0% Низкий | около 1 месяца назад | |
 | RLSA-2026:7668 Important: nghttp2 security update | 0% Низкий | 21 день назад | |
| RLSA-2026:7667 Important: nghttp2 security update | 0% Низкий | 20 дней назад | |
| RLSA-2026:7666 Important: nghttp2 security update | 0% Низкий | 21 день назад | |
| ELSA-2026-7668 ELSA-2026-7668: nghttp2 security update (IMPORTANT) | 24 дня назад | ||
| ELSA-2026-7667 ELSA-2026-7667: nghttp2 security update (IMPORTANT) | 24 дня назад | ||
| ELSA-2026-7666 ELSA-2026-7666: nghttp2 security update (IMPORTANT) | 25 дней назад | ||
| RLSA-2026:8339 Important: nodejs:20 security update | 21 день назад | ||
| RLSA-2026:7896 Important: nodejs:20 security update | 23 дня назад | ||
| ELSA-2026-8339 ELSA-2026-8339: nodejs:20 security update (IMPORTANT) | 20 дней назад | ||
| ELSA-2026-7896 ELSA-2026-7896: nodejs:20 security update (IMPORTANT) | 23 дня назад |
Уязвимостей на страницу