CVE-2018-1000168

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1000168
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000168.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1000168
Downstream
Related
Published
2018-05-08T15:29:00.207Z
Modified
2026-02-01T17:53:00.494071Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
cf41627411886000429bde058a6594fb7f6d6d47
Fixed
1442cfef73c0a7157b1552658529ae9ff9154de9

Affected versions

v10.*
v10.0.0
v10.1.0
v10.2.0
v10.2.1
v10.3.0
v10.4.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000168.json"