exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 25

BDU:2020-04461

около 5 лет назад

Уязвимость библиотеки nghttp2, связанная с ошибками при использовании выделенной памяти при обработке пакетов HTTP/2 SETTINGS, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 7.5

EPSS: Низкий

CVE-2020-11080

около 5 лет назад

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

CVSS3: 3.7

EPSS: Низкий

CVE-2020-11080

около 5 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2020-11080

около 5 лет назад

CVSS3: 3.7

EPSS: Низкий

CVE-2020-11080

почти 5 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2020-11080

около 5 лет назад

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...

CVSS3: 3.7

EPSS: Низкий

openSUSE-SU-2021:0468-1

около 4 лет назад

Security update for nghttp2

EPSS: Низкий

SUSE-SU-2021:0931-1

около 4 лет назад

Security update for nghttp2

EPSS: Низкий

SUSE-SU-2021:0930-1

около 4 лет назад

Security update for nghttp2

EPSS: Низкий

RLSA-2020:2755

почти 5 лет назад

Important: nghttp2 security update

EPSS: Низкий

ELSA-2020-2755

почти 5 лет назад

ELSA-2020-2755: nghttp2 security update (IMPORTANT)

EPSS: Низкий

openSUSE-SU-2020:0802-1

около 5 лет назад

Security update for nodejs8

EPSS: Низкий

SUSE-SU-2020:1576-1

около 5 лет назад

Security update for nodejs8

EPSS: Низкий

RLSA-2020:2848

почти 5 лет назад

Important: nodejs:10 security update

EPSS: Низкий

ELSA-2020-2848

почти 5 лет назад

ELSA-2020-2848: nodejs:10 security update (IMPORTANT)

EPSS: Низкий

SUSE-SU-2020:2800-1

больше 4 лет назад

Security update for nodejs8

EPSS: Низкий

SUSE-SU-2020:1606-1

около 5 лет назад

Security update for nodejs12

EPSS: Низкий

SUSE-SU-2020:1575-1

около 5 лет назад

Security update for nodejs10

EPSS: Низкий

SUSE-SU-2020:1568-1

около 5 лет назад

Security update for nodejs10

EPSS: Низкий

RLSA-2020:2852

почти 5 лет назад

Important: nodejs:12 security update

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
BDU:2020-04461 Уязвимость библиотеки nghttp2, связанная с ошибками при использовании выделенной памяти при обработке пакетов HTTP/2 SETTINGS, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 7.5	1% Низкий	около 5 лет назад
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.	CVSS3: 3.7	1% Низкий	около 5 лет назад
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.	CVSS3: 7.5	1% Низкий	около 5 лет назад
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.	CVSS3: 3.7	1% Низкий	около 5 лет назад
CVE-2020-11080	CVSS3: 7.5	1% Низкий	почти 5 лет назад
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...	CVSS3: 3.7	1% Низкий	около 5 лет назад
openSUSE-SU-2021:0468-1 Security update for nghttp2		1% Низкий	около 4 лет назад
SUSE-SU-2021:0931-1 Security update for nghttp2		1% Низкий	около 4 лет назад
SUSE-SU-2021:0930-1 Security update for nghttp2		1% Низкий	около 4 лет назад
RLSA-2020:2755 Important: nghttp2 security update		1% Низкий	почти 5 лет назад
ELSA-2020-2755 ELSA-2020-2755: nghttp2 security update (IMPORTANT)			почти 5 лет назад
openSUSE-SU-2020:0802-1 Security update for nodejs8			около 5 лет назад
SUSE-SU-2020:1576-1 Security update for nodejs8			около 5 лет назад
RLSA-2020:2848 Important: nodejs:10 security update			почти 5 лет назад
ELSA-2020-2848 ELSA-2020-2848: nodejs:10 security update (IMPORTANT)			почти 5 лет назад
SUSE-SU-2020:2800-1 Security update for nodejs8			больше 4 лет назад
SUSE-SU-2020:1606-1 Security update for nodejs12			около 5 лет назад
SUSE-SU-2020:1575-1 Security update for nodejs10			около 5 лет назад
SUSE-SU-2020:1568-1 Security update for nodejs10			около 5 лет назад
RLSA-2020:2852 Important: nodejs:12 security update			почти 5 лет назад

Уязвимостей на страницу