nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-08T15:00:00

Updated: 2024-08-05T12:33:49.411Z

Reserved: 2018-04-09T00:00:00

Link: CVE-2018-1000168

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-05-08T15:29:00.207

Modified: 2024-11-21T03:39:50.327

Link: CVE-2018-1000168

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-04-12T00:00:00Z

Links: CVE-2018-1000168 - Bugzilla