CVE-2018-1000168

Published: 08/05/2018 Updated: 16/08/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

Vulnerable Product

nghttp2 nghttp2

nodejs node.js

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #895566 nghttp2: CVE-2018-1000168: Denial of service due to NULL pointer dereference. Package: src:nghttp2; Maintainer for src:nghttp2 is Tomasz Buchert <tomasz@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 12 Apr 2018 18:45:07 UTC; Severity: important; Tags: patc ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has ...
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. (CVE-2018-1000168) ...