CVE-2018-1000168

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000168

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000168.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000168

Downstream

ALPINE-CVE-2018-1000168

DEBIAN-CVE-2018-1000168

DLA-2786-1

RHSA-2019:0367

SUSE-SU-2018:1918-1

SUSE-SU-2019:14246-1

SUSE-SU-2021:0932-1

UBUNTU-CVE-2018-1000168

openSUSE-SU-2024:11091-1

Related

Published

2018-05-08T15:29:00Z

Modified

2025-10-10T01:14:45.513589Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

cf41627411886000429bde058a6594fb7f6d6d47

Fixed

1442cfef73c0a7157b1552658529ae9ff9154de9

Affected versions

v10.*

v10.0.0

v10.1.0

v10.2.0

v10.2.1

v10.3.0

v10.4.0