DEBIAN-CVE-2023-44487

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-44487

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-44487.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-44487

Upstream

CVE-2023-44487

Published

2023-10-10T14:15:10Z

Modified

2025-09-25T23:28:48.721466Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

References

https://security-tracker.debian.org/tracker/CVE-2023-44487

Affected packages

Debian:11

dnsdist

Package

Name: dnsdist
Purl: pkg:deb/debian/dnsdist?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.1-3

1.6.0-1

1.6.0-2

1.6.1-1

1.7.0-1

1.7.1-1

1.7.2-1

1.7.2-2

1.7.3-1

1.7.3-2

1.8.0-1

1.8.1-1

1.8.2-1

1.8.2-2

1.8.2-3

1.8.3-1

1.8.3-2

1.8.3-3

1.9.3-1

1.9.4-1

1.9.5-1

1.9.6-1

1.9.8-1

1.9.9-1

1.9.10-1

2.*

2.0.0~rc1-1

2.0.0~rc1-2

2.0.0~rc2-1

2.0.0-1

2.0.0-2

2.0.0-3

2.0.0-4

2.0.0-5

2.0.0-6

2.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

grpc

Package

Name: grpc
Purl: pkg:deb/debian/grpc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.30.2-3

1.30.2-4

1.30.2-4+0.riscv64.1

1.30.2-4+0.riscv64.2

1.44.0-1

1.44.0-2

1.44.0-3

1.50.1-1

1.51.0-1

1.51.1-1

1.51.1-2

1.51.1-3

1.51.1-4

1.51.1-4.1~exp1

1.51.1-4.1

1.51.1-5

1.51.1-6

1.59.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

h2o

Package

Name: h2o
Purl: pkg:deb/debian/h2o?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-6

2.2.5+dfsg2-6.1

2.2.5+dfsg2-6.2

2.2.5+dfsg2-7

2.2.5+dfsg2-8

2.2.5+dfsg2-8.1~exp1

2.2.5+dfsg2-8.1

2.2.5+dfsg2-9

2.2.5+dfsg2-10

2.2.5+dfsg2-11

Ecosystem specific

{
    "urgency": "not yet assigned"
}

haproxy

Package

Name: haproxy
Purl: pkg:deb/debian/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.50-4+deb11u1

Affected versions

9.*

9.4.39-3

9.4.39-3+deb11u1

9.4.39-3+deb11u2

9.4.44-1

9.4.44-2

9.4.44-3

9.4.44-4

9.4.45-1

9.4.46-1

9.4.48-1

9.4.49-1

9.4.49-1.1

9.4.50-1~bpo11+1

9.4.50-1

9.4.50-2

9.4.50-3

9.4.50-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

netty

Package

Name: netty
Purl: pkg:deb/debian/netty?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.48-4+deb11u2

Affected versions

1:4.*

1:4.1.48-4

1:4.1.48-4+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

nghttp2

Package

Name: nghttp2
Purl: pkg:deb/debian/nghttp2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.43.0-1+deb11u1

Affected versions

1.*

1.43.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

nginx

Package

Name: nginx
Purl: pkg:deb/debian/nginx?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.18.0-6.1

1.18.0-6.1+deb11u1

1.18.0-6.1+deb11u2

1.18.0-6.1+deb11u3

1.18.0-6.1+deb11u4

1.18.0-6.1+deb11u5

1.18.0-7

1.18.0-8

1.18.0-9

1.20.2-1

1.20.2-2

1.20.2-3~exp1

1.22.0-1~exp1

1.22.0-1~exp2

1.22.0-1

1.22.0-2~exp1

1.22.0-2~exp2

1.22.0-2~exp3

1.22.0-2~exp4

1.22.0-2

1.22.0-3

1.22.0-3.1

1.22.1-1~exp1

1.22.1-1~exp2

1.22.1-1

1.22.1-2~exp1

1.22.1-2~exp2

1.22.1-2

1.22.1-3~exp1

1.22.1-3

1.22.1-4

1.22.1-5

1.22.1-6~exp1

1.22.1-6

1.22.1-7

1.22.1-8

1.22.1-9

1.24.0-1~exp1

1.24.0-1

1.24.0-2

1.26.0-1~exp1

1.26.0-1

1.26.0-2

1.26.0-3

1.26.2-1

1.26.3-1

1.26.3-2

1.26.3-3

1.28.0-1

1.28.0-2

1.28.0-3

1.28.0-4

1.28.0-5

1.28.0-6

Ecosystem specific

{
    "urgency": "unimportant"
}

tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.43-2~deb11u7

Affected versions

9.*

9.0.43-1

9.0.43-2~deb11u1

9.0.43-2~deb11u2

9.0.43-2~deb11u3

9.0.43-2~deb11u4

9.0.43-2~deb11u5

9.0.43-2~deb11u6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.9+ds-1~deb11u1

Affected versions

8.*

8.1.1+ds-1.1

8.1.1+ds-1.1+deb11u1

8.1.5+ds-1~deb11u1

8.1.6+ds-1~deb10u1

8.1.6+ds-1~deb11u1

8.1.7+ds-1~deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

varnish

Package

Name: varnish
Purl: pkg:deb/debian/varnish?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.1-1

6.5.1-1+deb11u1

6.5.1-1+deb11u2

6.5.1-1+deb11u3

6.5.1-1+deb11u4

6.5.1-1+deb11u5

6.5.2-1

6.6.1-1

7.*

7.1.0-4

7.1.0-5

7.1.0-6

7.1.1-1

7.1.1-1.1

7.1.1-1.2

7.5.0-1

7.5.0-2

7.5.0-3

7.6.0-1

7.6.0-2

7.6.1-1

7.6.1-2

7.7.0-1

7.7.0-2

7.7.0-3

7.7.1-1

7.7.2-1

7.7.2-2

7.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

dnsdist

Package

Name: dnsdist
Purl: pkg:deb/debian/dnsdist?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.3-2

1.8.0-1

1.8.1-1

1.8.2-1

1.8.2-2

1.8.2-3

1.8.3-1

1.8.3-2

1.8.3-3

1.9.3-1

1.9.4-1

1.9.5-1

1.9.6-1

1.9.8-1

1.9.9-1

1.9.10-1

2.*

2.0.0~rc1-1

2.0.0~rc1-2

2.0.0~rc2-1

2.0.0-1

2.0.0-2

2.0.0-3

2.0.0-4

2.0.0-5

2.0.0-6

2.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

grpc

Package

Name: grpc
Purl: pkg:deb/debian/grpc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-3

1.51.1-4

1.51.1-4.1~exp1

1.51.1-4.1

1.51.1-5

1.51.1-6

1.59.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

h2o

Package

Name: h2o
Purl: pkg:deb/debian/h2o?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-7

2.2.5+dfsg2-8

2.2.5+dfsg2-8.1~exp1

2.2.5+dfsg2-8.1

2.2.5+dfsg2-9

2.2.5+dfsg2-10

2.2.5+dfsg2-11

Ecosystem specific

{
    "urgency": "not yet assigned"
}

haproxy

Package

Name: haproxy
Purl: pkg:deb/debian/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.50-4+deb12u2

Affected versions

9.*

9.4.50-4

9.4.50-4+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

netty

Package

Name: netty
Purl: pkg:deb/debian/netty?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.48-7+deb12u1

Affected versions

1:4.*

1:4.1.48-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

nghttp2

Package

Name: nghttp2
Purl: pkg:deb/debian/nghttp2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.52.0-1+deb12u1

Affected versions

1.*

1.52.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

nginx

Package

Name: nginx
Purl: pkg:deb/debian/nginx?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.1-9

1.22.1-9+deb12u1

1.22.1-9+deb12u2

1.22.1-9+deb12u3

1.24.0-1~exp1

1.24.0-1

1.24.0-2

1.26.0-1~exp1

1.26.0-1

1.26.0-2

1.26.0-3

1.26.2-1

1.26.3-1

1.26.3-2

1.26.3-3

1.28.0-1

1.28.0-2

1.28.0-3

1.28.0-4

1.28.0-5

1.28.0-6

Ecosystem specific

{
    "urgency": "unimportant"
}

tomcat10

Package

Name: tomcat10
Purl: pkg:deb/debian/tomcat10?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.1.6-1+deb12u1

Affected versions

10.*

10.1.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.70-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.2.3+ds-1+deb12u1

Affected versions

9.*

9.2.0+ds-2

9.2.0+ds-2+deb12u1

9.2.1+ds-1

9.2.2+ds-1

9.2.3+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

varnish

Package

Name: varnish
Purl: pkg:deb/debian/varnish?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.1.1-1.1

7.1.1-1.1+deb12u1

7.1.1-1.2

7.1.1-2+deb12u1

7.5.0-1

7.5.0-2

7.5.0-3

7.6.0-1

7.6.0-2

7.6.1-1

7.6.1-2

7.7.0-1

7.7.0-2

7.7.0-3

7.7.1-1

7.7.2-1

7.7.2-2

7.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

dnsdist

Package

Name: dnsdist
Purl: pkg:deb/debian/dnsdist?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

grpc

Package

Name: grpc
Purl: pkg:deb/debian/grpc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-6

1.59.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

haproxy

Package

Name: haproxy
Purl: pkg:deb/debian/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.53-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

netty

Package

Name: netty
Purl: pkg:deb/debian/netty?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.48-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

nghttp2

Package

Name: nghttp2
Purl: pkg:deb/debian/nghttp2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.57.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

nginx

Package

Name: nginx
Purl: pkg:deb/debian/nginx?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.0-2

Ecosystem specific

{
    "urgency": "unimportant"
}

tomcat10

Package

Name: tomcat10
Purl: pkg:deb/debian/tomcat10?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.1.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.70-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

varnish

Package

Name: varnish
Purl: pkg:deb/debian/varnish?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.5.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

dnsdist

Package

Name: dnsdist
Purl: pkg:deb/debian/dnsdist?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

grpc

Package

Name: grpc
Purl: pkg:deb/debian/grpc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-6

1.59.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

haproxy

Package

Name: haproxy
Purl: pkg:deb/debian/haproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.53-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

netty

Package

Name: netty
Purl: pkg:deb/debian/netty?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.48-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

nghttp2

Package

Name: nghttp2
Purl: pkg:deb/debian/nghttp2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.57.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

nginx

Package

Name: nginx
Purl: pkg:deb/debian/nginx?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.0-2

Ecosystem specific

{
    "urgency": "unimportant"
}

tomcat10

Package

Name: tomcat10
Purl: pkg:deb/debian/tomcat10?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.1.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.70-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

varnish

Package

Name: varnish
Purl: pkg:deb/debian/varnish?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.5.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}