github - ghsa-4p62-4q7w-qmcg

ghsa-4p62-4q7w-qmcg

Vulnerability from github

Published

2022-05-13 01:03

Modified

2022-05-13 01:03

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16843"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-07T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file.",
  "id": "GHSA-4p62-4q7w-qmcg",
  "modified": "2022-05-13T01:03:33Z",
  "published": "2022-05-13T01:03:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16843"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3653"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3680"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3681"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212818"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3812-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4335"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
    },
    {
      "type": "WEB",
      "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Sep/36"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105868"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1042038"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2018-16843

Vulnerability from cvelistv5

Published

2018-11-07 14:00

Modified

2024-08-05 10:32

Severity

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

URL	Tags
https://www.debian.org/security/2018/dsa-4335	vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:3680	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3681	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/105868	vdb-entry, x_refsource_BID
http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html	x_refsource_MISC
http://www.securitytracker.com/id/1042038	vdb-entry, x_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3653	vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3812-1/	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html	vendor-advisory, x_refsource_SUSE
https://support.apple.com/kb/HT212818	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Sep/36	mailing-list, x_refsource_FULLDISC

Impacted products

Vendor	Product
[UNKNOWN]	nginx

Show details on NVD website