CVE-2020-11080

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-11080
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11080.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-11080
Aliases
Downstream
Related
Published
2020-06-03T23:15:11.073Z
Modified
2026-03-10T23:14:01.978708587Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2onframerecvcallback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

References

Affected packages

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6c1e8e199e171761b388b0f15afadfba0b552abc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1ebb60f5d73c0a82424003ee6ff22fb7bf163efe
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.1.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
527c12ed611f3fe072c3043734319edb2c733099
Introduced
ae41ce7c4ecff5e1e336ab768867370b8c94e02d
Last affected
6acd2e9068e1652d9a987a6a89769ee108cbe883
Introduced
270fd3411e3d671a73ed9725940a30080f59ce6d
Last affected
f8cdce86448a211511e8a039c62580ae16cb96f5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "7.5.0"
        },
        {
            "last_affected": "7.5.19"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.21"
        }
    ]
}
Type
GIT
Repo
https://github.com/nghttp2/nghttp2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8f7b008b158e12de0e58247afd170f127dbb6456
Fixed
336a98feb0d56b9ac54e12736b18785c27f75090
Fixed
f8da73bd042f810f34d19f9eae02b46d870af394
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.41.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cf41627411886000429bde058a6594fb7f6d6d47
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2291e079f22e6df1f7683a05d17364b2ab3bfdab
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5d81e4d677e8a00c2d0d3a23e2bd74bf9f1deb57
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
27adbf027f2dd3a75b22518f6825e1a1937059d1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
53596fd2454fda431a4b2b578760cbab3729c374
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
236455303fee234478381431bf112ddc966bb537
Introduced
cf41627411886000429bde058a6594fb7f6d6d47
Last affected
4a276cc2a960b3f9a138ac3a99c9249a63b4d472
Introduced
ab4af087e83d91a46354d765306d3543b1d85423
Fixed
23adb548a57db0c56e359265108e7fe71d8b4f73
Introduced
2f45ad8060e13d5ac912335096d21526f2f9602b
Last affected
921493e2287aa895679620155b5288b2e1587bfd
Introduced
42cce5a9d0fd905bf4ad7a2528c36572dfb8b5ad
Fixed
f19f5b34d7c4e9a4e339b40bc791c78469091704
Introduced
73aa21658dfa6a22c06451d080152b32b1f98dbe
Last affected
27adbf027f2dd3a75b22518f6825e1a1937059d1
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.12.0"
        },
        {
            "introduced": "10.13.0"
        },
        {
            "fixed": "10.21.0"
        },
        {
            "introduced": "12.0.0"
        },
        {
            "last_affected": "12.12.0"
        },
        {
            "introduced": "12.13.0"
        },
        {
            "fixed": "12.18.0"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.4.0"
        }
    ]
}

Affected versions

mysql-5.*
mysql-5.5.48
mysql-5.5.49
mysql-5.5.50
mysql-5.5.51
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62
mysql-5.5.63
mysql-5.6.29
mysql-5.6.30
mysql-5.6.31
mysql-5.6.32
mysql-5.6.33
mysql-5.6.34
mysql-5.6.35
mysql-5.6.36
mysql-5.6.37
mysql-5.6.38
mysql-5.6.39
mysql-5.6.40
mysql-5.6.41
mysql-5.6.42
mysql-5.6.43
mysql-5.6.45
mysql-5.6.46
mysql-5.6.47
mysql-5.6.48
mysql-5.6.49
mysql-5.6.50
mysql-5.6.51
mysql-5.7-22-ndb-7.6.6
mysql-5.7.10-2
mysql-5.7.11
mysql-5.7.12
mysql-5.7.13
mysql-5.7.14
mysql-5.7.15
mysql-5.7.16
mysql-5.7.17
mysql-5.7.18
mysql-5.7.19
mysql-5.7.20
mysql-5.7.21
mysql-5.7.22
mysql-5.7.24
mysql-5.7.25
mysql-5.7.26
mysql-5.7.27
mysql-5.7.28
mysql-5.7.29
mysql-5.7.30
mysql-5.7.31
mysql-5.7.32
mysql-5.7.33
mysql-5.7.34
mysql-5.7.35
mysql-5.7.36
mysql-5.7.37
mysql-5.7.38
mysql-5.7.39
mysql-5.7.40
mysql-5.7.40-testing
mysql-5.7.41
mysql-5.7.42
mysql-5.7.43
mysql-5.7.44
mysql-8.*
mysql-8.0.0
mysql-8.0.1
mysql-8.0.11
mysql-8.0.12
mysql-8.0.13
mysql-8.0.14
mysql-8.0.15
mysql-8.0.16
mysql-8.0.17
mysql-8.0.18
mysql-8.0.19
mysql-8.0.2
mysql-8.0.20
mysql-8.0.21
mysql-8.0.22
mysql-8.0.23
mysql-8.0.24
mysql-8.0.25
mysql-8.0.26
mysql-8.0.27
mysql-8.0.28
mysql-8.0.29
mysql-8.0.3
mysql-8.0.30
mysql-8.0.31
mysql-8.0.32
mysql-8.0.33
mysql-8.0.34
mysql-8.0.35
mysql-8.0.36
mysql-8.0.37
mysql-8.0.4
mysql-8.1.0
mysql-8.2.0
mysql-8.3.0
mysql-8.4.0
mysql-9.*
mysql-9.0.0
mysql-9.0.0-release
mysql-cluster-7.*
mysql-cluster-7.2.23
mysql-cluster-7.2.24
mysql-cluster-7.2.25
mysql-cluster-7.2.26
mysql-cluster-7.2.27
mysql-cluster-7.2.28
mysql-cluster-7.2.29
mysql-cluster-7.2.30
mysql-cluster-7.2.31
mysql-cluster-7.2.32
mysql-cluster-7.2.33
mysql-cluster-7.2.34
mysql-cluster-7.2.35
mysql-cluster-7.2.37
mysql-cluster-7.2.38
mysql-cluster-7.2.39
mysql-cluster-7.2.40
mysql-cluster-7.3
mysql-cluster-7.3.12
mysql-cluster-7.3.13
mysql-cluster-7.3.14
mysql-cluster-7.3.15
mysql-cluster-7.3.16
mysql-cluster-7.3.17
mysql-cluster-7.3.18
mysql-cluster-7.3.19
mysql-cluster-7.3.20
mysql-cluster-7.3.21
mysql-cluster-7.3.22
mysql-cluster-7.3.23
mysql-cluster-7.3.24
mysql-cluster-7.3.25
mysql-cluster-7.3.26
mysql-cluster-7.3.27
mysql-cluster-7.3.28
mysql-cluster-7.3.29
mysql-cluster-7.3.30
mysql-cluster-7.3.31
mysql-cluster-7.3.33
mysql-cluster-7.4.11
mysql-cluster-7.4.12
mysql-cluster-7.4.13
mysql-cluster-7.4.14
mysql-cluster-7.4.15
mysql-cluster-7.4.16
mysql-cluster-7.4.17
mysql-cluster-7.4.18
mysql-cluster-7.4.19
mysql-cluster-7.4.20
mysql-cluster-7.4.21
mysql-cluster-7.4.23
mysql-cluster-7.4.24
mysql-cluster-7.4.25
mysql-cluster-7.4.26
mysql-cluster-7.4.27
mysql-cluster-7.4.28
mysql-cluster-7.4.29
mysql-cluster-7.4.30
mysql-cluster-7.4.32
mysql-cluster-7.4.33
mysql-cluster-7.4.34
mysql-cluster-7.4.35
mysql-cluster-7.4.36
mysql-cluster-7.4.37
mysql-cluster-7.4.38
mysql-cluster-7.4.39
mysql-cluster-7.4.9
mysql-cluster-7.5.0
mysql-cluster-7.5.1
mysql-cluster-7.5.10
mysql-cluster-7.5.11
mysql-cluster-7.5.12
mysql-cluster-7.5.13
mysql-cluster-7.5.14
mysql-cluster-7.5.15
mysql-cluster-7.5.16
mysql-cluster-7.5.17
mysql-cluster-7.5.18
mysql-cluster-7.5.19
mysql-cluster-7.5.2
mysql-cluster-7.5.20
mysql-cluster-7.5.21
mysql-cluster-7.5.23
mysql-cluster-7.5.24
mysql-cluster-7.5.25
mysql-cluster-7.5.26
mysql-cluster-7.5.27
mysql-cluster-7.5.28
mysql-cluster-7.5.29
mysql-cluster-7.5.3
mysql-cluster-7.5.30
mysql-cluster-7.5.31
mysql-cluster-7.5.32
mysql-cluster-7.5.33
mysql-cluster-7.5.34
mysql-cluster-7.5.4
mysql-cluster-7.5.5
mysql-cluster-7.5.6
mysql-cluster-7.5.7
mysql-cluster-7.5.8
mysql-cluster-7.5.9
mysql-cluster-7.6.10
mysql-cluster-7.6.11
mysql-cluster-7.6.12
mysql-cluster-7.6.13
mysql-cluster-7.6.14
mysql-cluster-7.6.15
mysql-cluster-7.6.16
mysql-cluster-7.6.17
mysql-cluster-7.6.19
mysql-cluster-7.6.2
mysql-cluster-7.6.20
mysql-cluster-7.6.22
mysql-cluster-7.6.23
mysql-cluster-7.6.24
mysql-cluster-7.6.25
mysql-cluster-7.6.26
mysql-cluster-7.6.27
mysql-cluster-7.6.28
mysql-cluster-7.6.29
mysql-cluster-7.6.3
mysql-cluster-7.6.30
mysql-cluster-7.6.4
mysql-cluster-7.6.5
mysql-cluster-7.6.6
mysql-cluster-7.6.7
mysql-cluster-7.6.8
mysql-cluster-7.6.9
mysql-cluster-8.*
mysql-cluster-8.0.16
mysql-cluster-8.0.18
mysql-cluster-8.0.19
mysql-cluster-8.0.20
mysql-cluster-8.0.21
mysql-cluster-8.0.22
mysql-cluster-8.0.23
mysql-cluster-8.0.24
mysql-cluster-8.0.25
mysql-cluster-8.0.26
mysql-cluster-8.0.27
mysql-cluster-8.0.28
mysql-cluster-8.0.29
mysql-cluster-8.0.30
mysql-cluster-8.0.31
mysql-cluster-8.0.32
mysql-cluster-8.0.33
mysql-cluster-8.0.34
mysql-cluster-8.0.35
mysql-cluster-8.0.36
mysql-cluster-8.0.37
mysql-cluster-8.1.0
mysql-cluster-8.2.0
mysql-cluster-8.3.0
mysql-cluster-8.4.0
mysql-cluster-9.*
mysql-cluster-9.0.0
v0.*
v0.1.0
v0.2.0
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.7.0
v0.7.1
v0.7.10
v0.7.11
v0.7.12
v0.7.13
v0.7.14
v0.7.15
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.1.1
v1.1.2
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.2.0
v1.2.1
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.4.0
v1.40.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v1.9.1
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.13.0
v10.14.0
v10.14.1
v10.14.2
v10.15.0
v10.15.1
v10.15.2
v10.15.3
v10.16.0
v10.16.1
v10.16.2
v10.16.3
v10.17.0
v10.18.0
v10.18.1
v10.19.0
v10.2.0
v10.2.1
v10.20.0
v10.20.1
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v12.*
v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.11.1
v12.12.0
v12.13.0
v12.13.1
v12.14.0
v12.14.1
v12.15.0
v12.16.0
v12.16.1
v12.16.2
v12.16.3
v12.17.0
v12.2.0
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.8.1
v12.9.0
v12.9.1
v14.*
v14.0.0
v14.1.0
v14.2.0
v14.3.0
vm-19.*
vm-19.3.2-pre

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11080.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "function_hash": "77346755642097303584396383619358398552",
            "length": 18563.0
        },
        "signature_type": "Function",
        "target": {
            "file": "tests/main.c",
            "function": "main"
        },
        "id": "CVE-2020-11080-043c15f6"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "130478378985285426395828020745352499798",
                "196503942045532253932110626834219947143",
                "140220713152922819905257382060130445298"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "tests/nghttp2_session_test.c"
        },
        "id": "CVE-2020-11080-14985976"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "299481480502669017256817653651965760144",
                "192855200294858710714870647090618082678",
                "171931255100099914416002534199507749118",
                "134596621928972775674961808494563737758"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "lib/nghttp2_session.h"
        },
        "id": "CVE-2020-11080-29794fd0"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "280874317114581665292887146495868357102",
                "274381237785996237210746435884522152997",
                "107451044609814117435435328329148362077",
                "265830476977356558353157603069471539683"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "tests/nghttp2_session_test.h"
        },
        "id": "CVE-2020-11080-4af6c055"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "function_hash": "76320109155165413425003197983052626995",
            "length": 25684.0
        },
        "signature_type": "Function",
        "id": "CVE-2020-11080-5cb6f3ce",
        "target": {
            "file": "lib/nghttp2_session.c",
            "function": "nghttp2_session_mem_recv"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "91080862305138533235158662184188504666",
                "55719047791074478376451138928302749691",
                "34423416865062340475666727477469394742",
                "160694452227622041512789921840087788128",
                "125215487250163291681325310929119184725",
                "304511006625711842872697081582856130109",
                "146521828018515530096198461293603487510",
                "77071207928031166158783556068782833928",
                "43043000719327973590426123686028805161",
                "179003225043518908190906283800628246232",
                "105742072403147979607114434011564829201",
                "233584587159786120052703451071535283688",
                "283651529724345891378773186219206064596",
                "14651239339197374400702615701208359594",
                "192045365012885780981896872206360096339"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "lib/nghttp2_session.c"
        },
        "id": "CVE-2020-11080-73357273"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "63766746716490509158265166290164411355",
                "50635060742961895873309443562646461749",
                "239135157918357008258296874879627556704",
                "262788658577533723179089072256574826527",
                "308365296203565026472293299273132062617",
                "221121337717265128092329712418842083664",
                "103420866999420189564175411823852472381",
                "302740726034182105606640494944642389408"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "lib/nghttp2_option.h"
        },
        "id": "CVE-2020-11080-8621d90d"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "function_hash": "161237338488688124648574588901191514607",
            "length": 3119.0
        },
        "signature_type": "Function",
        "target": {
            "file": "lib/nghttp2_helper.c",
            "function": "nghttp2_strerror"
        },
        "id": "CVE-2020-11080-91463383"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "263822875862045880231887339213735516174",
            "length": 5015.0
        },
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "signature_type": "Function",
        "id": "CVE-2020-11080-9256b42a",
        "target": {
            "file": "lib/nghttp2_session.c",
            "function": "session_new"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "299600677355295622260323329753137725168",
                "207336653490817637956563444167084485017",
                "173962859204859183510964537905480471226",
                "263987830515868330154101366183012883049",
                "43061682448991184130831432058325332900",
                "296025395023612671134012733026983718977",
                "132824854117467898005988011917814540319",
                "42461200801133469667506603652589266889",
                "60147014574846046905448290406570903562",
                "334292343408006444436679522713366391316"
            ]
        },
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "signature_type": "Line",
        "id": "CVE-2020-11080-93a5c7ca",
        "target": {
            "file": "lib/includes/nghttp2/nghttp2.h"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "72648759381140541927944427180807827419",
                "86294245556859006400665914123068255423",
                "309234068633173169723482597667900608056",
                "31192511699064862677426786158272593111"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "tests/main.c"
        },
        "id": "CVE-2020-11080-98628c0b"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "158755643856787929620345895606655037940",
                "177488015206800958109423790823881861161",
                "16463961717879961764121185295358555699",
                "318001711588175060333961809437607705430"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "lib/nghttp2_helper.c"
        },
        "id": "CVE-2020-11080-c054b6e7"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "232072567350380857623571495123190065086",
            "length": 1322.0
        },
        "source": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
        "signature_type": "Function",
        "id": "CVE-2020-11080-c7806524",
        "target": {
            "file": "lib/nghttp2_session.c",
            "function": "nghttp2_session_upgrade_internal"
        }
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "21.1.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.3.0"
            },
            {
                "last_affected": "7.3.30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.4.0"
            },
            {
                "last_affected": "7.4.29"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.6.0"
            },
            {
                "last_affected": "7.6.15"
            }
        ]
    }
]