Home

CVE-2018-1000168

Description

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.611

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-7161,CVE-2018-1000168,CVE-2018-7162,CVE-2018-7164,CVE-2018-7167 are fixed in Node.js 10 (10.24.1)Windows
Vulnerabilities CVE-2018-7161,CVE-2018-1000168,CVE-2018-7162,CVE-2018-7164,CVE-2018-7167 are fixed in Node.js 10 (x64) (10.24.1)Windows
Vulnerabilities CVE-2018-7161,CVE-2018-1000168,CVE-2018-7162,CVE-2018-7164,CVE-2018-7167 are fixed in Node.js 8 8.11.3Windows
Vulnerabilities CVE-2018-7161,CVE-2018-1000168,CVE-2018-7162,CVE-2018-7164,CVE-2018-7167 are fixed in Node.js 8 (x64) 8.11.3Windows
Vulnerabilities CVE-2018-7161,CVE-2018-1000168,CVE-2018-7162,CVE-2018-7164,CVE-2018-7167 are fixed in Node.js 9.11.2Windows
Vulnerabilities CVE-2018-7161,CVE-2018-1000168,CVE-2018-7162,CVE-2018-7164,CVE-2018-7167 are fixed in Node.js 6.14.3Windows
SUSE-SU-2021:0932-1(SUSE Linux Enterprise Server 12-SP5 ) libnghttp2-14-1.39.2-3.5.1.x86_64.rpmLinux
SUSE-SU-2021:0932-1(SUSE Linux Enterprise Server 12-SP5 ) libnghttp2-14-32bit-1.39.2-3.5.1.x86_64.rpmLinux
SUSE-SU-2021:0932-1(SUSE Linux Enterprise Server 12-SP5 ) libnghttp2-14-debuginfo-1.39.2-3.5.1.x86_64.rpmLinux
SUSE-SU-2021:0932-1(SUSE Linux Enterprise Server 12-SP5 ) libnghttp2-14-debuginfo-32bit-1.39.2-3.5.1.x86_64.rpmLinux
SUSE-SU-2021:0932-1(SUSE Linux Enterprise Server 12-SP5 ) nghttp2-debuginfo-1.39.2-3.5.1.x86_64.rpmLinux
SUSE-SU-2021:0932-1(SUSE Linux Enterprise Server 12-SP5 ) nghttp2-debugsource-1.39.2-3.5.1.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-319042Node.js 10 (10.24.1)
PATCH-319043Node.js 10 (x64) (10.24.1)
PATCH-319042Node.js 10 (10.24.1)
PATCH-319042Node.js 10 (10.24.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234