CVE-2018-1000168

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000168
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000168.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1000168
Related
Published
2018-05-08T15:29:00Z
Modified
2024-12-05T15:15:50.639068Z
Downstream
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

References

Affected packages

Alpine:v3.10 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.11 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.12 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.13 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.14 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.15 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.16 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.17 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.18 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.19 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.20 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.21 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Alpine:v3.8 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Alpine:v3.9 / nodejs

Package

Name
nodejs
Purl
pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.3-r0

Affected versions

4.*

4.4.3-r0
4.4.4-r0
4.4.5-r0
4.4.7-r0
4.5.0-r0

6.*

6.9.1-r0
6.9.1-r1
6.9.2-r0
6.9.4-r0
6.9.4-r1
6.9.5-r0
6.9.5-r1
6.10.0-r0
6.10.1-r0
6.10.3-r0
6.11.0-r0
6.11.1-r0
6.11.1-r1
6.11.1-r2
6.11.2-r0
6.11.3-r0
6.11.4-r0
6.11.5-r0

8.*

8.9.0-r0
8.9.1-r0
8.9.2-r0
8.9.3-r0
8.9.3-r1
8.9.4-r0
8.10.0-r0
8.11.0-r0
8.11.0-r1
8.11.1-r0
8.11.1-r1
8.11.1-r2
8.11.2-r0

Debian:11 / nghttp2

Package

Name
nghttp2
Purl
pkg:deb/debian/nghttp2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.31.1-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:12 / nghttp2

Package

Name
nghttp2
Purl
pkg:deb/debian/nghttp2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.31.1-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:13 / nghttp2

Package

Name
nghttp2
Purl
pkg:deb/debian/nghttp2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.31.1-1

Ecosystem specific 

{
    "urgency": "low"
}

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
cf41627411886000429bde058a6594fb7f6d6d47
Fixed
1442cfef73c0a7157b1552658529ae9ff9154de9

Affected versions

v10.*

v10.0.0
v10.1.0
v10.2.0
v10.2.1
v10.3.0
v10.4.0