nghttp2 (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package nghttp2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2018-1000168 — CVSS 7.5 (high): nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that…
CVE-2019-9511 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a…
CVE-2019-9513 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple…
CVE-2023-35945 — CVSS 7.5 (high): Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures…
CVE-2024-28182 — CVSS 5.3 (medium): nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading…
CVE-2020-11080 — CVSS 3.7 (low): In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack…
CVE-2016-1544 — CVSS 3.3 (low): nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).