CVE-2018-1000168

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1000168
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000168.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000168
Downstream
Related
Published
2018-05-08T15:29:00.207Z
Modified
2026-03-10T14:31:26.661942Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
ce3e3c5fe15479475c068482c48eb9cbf1ac9df5
Last affected
c6a397bce63fc026421e1515b98eec9b8b5a8468
Introduced
56a0577b2ebf111346779cf790a1f54e0e464078
Last affected
456bc88c2a16d595e25d5f48ada9646bf21464eb
Introduced
fa9990f3fb5b06fe94e294925246d2c136deb2c2
Last affected
b5339ff549fcd7ff7f228d00d0ff79b78a347dc6
Introduced
cf41627411886000429bde058a6594fb7f6d6d47
Fixed
1442cfef73c0a7157b1552658529ae9ff9154de9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fa9990f3fb5b06fe94e294925246d2c136deb2c2
Database specific 
{
    "versions": [
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.8.1"
        },
        {
            "introduced": "8.4.0"
        },
        {
            "last_affected": "8.17.0"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.11.2"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/tatsuhiro-t/nghttp2
Events
Introduced
918ca4ca7c935dcea4e314949aefb29aa9123093
Last affected
6e744662310498e97278f46ccbaf6b68a2f2ad6e
Database specific 
{
    "versions": [
        {
            "introduced": "1.10.0"
        },
        {
            "last_affected": "1.31.0"
        }
    ]
}

Affected versions

v1.*
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.30.0
v1.31.0
v6.*
v6.0.0
v6.1.0
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v8.*
v8.10.0
v8.11.0
v8.11.1
v8.11.2
v8.11.3
v8.11.4
v8.12.0
v8.13.0
v8.14.0
v8.14.1
v8.15.0
v8.15.1
v8.16.0
v8.16.1
v8.16.2
v8.17.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
v8.8.0
v8.8.1
v8.9.0
v8.9.1
v8.9.2
v8.9.3
v8.9.4
v9.*
v9.0.0
v9.1.0
v9.10.0
v9.10.1
v9.11.0
v9.11.1
v9.11.2
v9.2.0
v9.2.1
v9.3.0
v9.4.0
v9.5.0
v9.6.0
v9.6.1
v9.7.0
v9.7.1
v9.8.0
v9.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000168.json"