CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

References

Affected packages

Git

github.com/apache/trafficserver

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficserver
Events: Introduced

b14030656330ed623cd1f9efe2f4f9abd9d16e29

Fixed

b4e3c73354d2a104ed6f00379eeb9f121a85e8bb

Introduced

b310e3566f58dd04ec2b15b111ec86ea70e20019

Fixed

796ffd3a329b4b1f2ec0dd51158e62c94914c4ca

Affected versions

8.*

8.0.0

8.0.0-rc4

8.0.1

8.0.1-rc0

8.0.2

8.0.2-rc0

8.0.3

8.0.3-rc0

8.0.4

8.0.4-rc0

8.0.5

8.0.6

8.0.6-rc0

8.0.6-rc1

8.1.0

8.1.0-rc0

8.1.1

8.1.1-rc0

8.1.2-rc0

8.1.3

8.1.3-rc0

8.1.3-rc1

8.1.4

8.1.4-rc0

8.1.5

8.1.5-rc0

8.1.6

8.1.6-rc0

8.1.7

8.1.7-rc0

8.1.8

8.1.8-rc0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/apple/swift-nio-http2

Affected ranges

Type: GIT
Repo: https://github.com/apple/swift-nio-http2
Events: Introduced

13b6a7a83864005334818d7ea2a3053869a96c04

Fixed

dbfc8fcd1a0cc4d7254a060501120d378e91f16c

Introduced

39ed0e753596afadad920e302ae769b28f3a982b

Fixed

6e94a7be32891d1b303a3fcfde8b5bf64d162e74

Affected versions

1.*

1.18.0

1.18.1

1.18.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/caddyserver/caddy

Affected ranges

Type: GIT
Repo: https://github.com/caddyserver/caddy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0e204b730aa2b1fa0835336b1117eff8c420f713

Affected versions

v2.*

v2.0.0

v2.0.0-beta.13

v2.0.0-beta.14

v2.0.0-beta.15

v2.0.0-beta.16

v2.0.0-beta.17

v2.0.0-beta.18

v2.0.0-beta.19

v2.0.0-beta.20

v2.0.0-beta1

v2.0.0-beta10

v2.0.0-beta11

v2.0.0-beta12

v2.0.0-beta2

v2.0.0-beta3

v2.0.0-beta4

v2.0.0-beta5

v2.0.0-beta6

v2.0.0-beta7

v2.0.0-beta8

v2.0.0-beta9

v2.0.0-rc.1

v2.0.0-rc.2

v2.0.0-rc.3

v2.1.0

v2.1.0-beta.1

v2.1.0-beta.2

v2.1.1

v2.2.0

v2.2.0-rc.1

v2.2.0-rc.2

v2.2.0-rc.3

v2.2.1

v2.2.3

v2.3.0

v2.3.0-beta.1

v2.3.0-rc.1

v2.3.0-rc.2

v2.4.0

v2.4.0-beta.1

v2.4.0-beta.2

v2.4.0-rc.1

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.5.0

v2.5.0-beta.1

v2.5.0-rc.1

v2.5.1

v2.5.2

v2.6.0

v2.6.0-beta.1

v2.6.0-beta.2

v2.6.0-beta.3

v2.6.0-beta.4

v2.6.0-beta.5

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.7.0

v2.7.0-beta.1

v2.7.0-beta.2

v2.7.1

v2.7.2

v2.7.3

v2.7.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/dotnet/core

Affected ranges

Type: GIT
Repo: https://github.com/dotnet/core
Events: Introduced

62bcac3998e1168f4a34b775a06d6451b5ffca7b

Fixed

b8c6583af496dab539edbbb2f46f1c6f62538165

Introduced

63772e2191a750dd3cafa75914cacdb038c7520c

Fixed

356d7e7dc972f37994cb10177d640da6fade8981

Introduced

ee849590a02cc5cd61eff18aa64bf985ec45124d

Fixed

356d7e7dc972f37994cb10177d640da6fade8981

Affected versions

v3.*

v3.1.10

v5.*

v5.0.0

v5.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/golang/go

Affected ranges

Type: GIT
Repo: https://github.com/golang/go
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4068be56ce7721a3d75606ea986d11e9ca27077a

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4a4127bccc826ebb6079af3252bc6bfeaec187c4

Introduced

c19c4c566c63818dfd059b352e52c4710eecf14d

Fixed

883f062fc0a097bf561030ad453fd3e300896975

Affected versions

go1.*

go1.21.0

go1.21.1

go1.21.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/grpc/grpc

Affected ranges

Type: GIT
Repo: https://github.com/grpc/grpc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

883e5f76976b86afee87415dc67bde58d9b295a4

Introduced

0417b882aa7abc1512f534e56f9cd97c557bb68f

Fixed

14bcda7eae0ee99f6a6dceb8d6cc23f49362f577

Introduced

7569ba7a66a2b4dd93b04ad355cc401d06285ee7

Fixed

99fd5c391a435e2677b6caa7fd25089c484a32ab

Introduced

da76faf2b882ba1e07bd52379bfb8eba8354155c

Fixed

109c570727c3089fef655edcdd0dd02cc5958010

Affected versions

1.*

1.33.1

v1.*

v1.19.0

v1.21.0

v1.21.1

v1.21.2

v1.21.3

v1.21.3-pre1

v1.21.4

v1.21.4-pre1

v1.22.0

v1.22.0-pre1

v1.23.0

v1.23.0-pre1

v1.24.0

v1.24.0-pre1

v1.24.0-pre2

v1.24.1

v1.24.2

v1.24.3

v1.25.0

v1.25.0-pre1

v1.26.0

v1.26.0-pre1

v1.29.0

v1.29.1

v1.30.0

v1.30.0-pre1

v1.30.1

v1.30.2

v1.31.0

v1.31.0-pre1

v1.31.0-pre2

v1.31.1

v1.32.0

v1.32.0-pre1

v1.33.0

v1.33.0-pre1

v1.33.0-pre2

v1.33.1

v1.33.2

v1.34.0

v1.34.0-pre1

v1.35.0-pre1

v1.41.0-pre1

v1.58.0

v1.58.1

v1.58.2

v1.59.0

v1.59.0-pre1

v1.59.0-pre2

v1.59.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/grpc/grpc-go

Affected ranges

Type: GIT
Repo: https://github.com/grpc/grpc-go
Events: Introduced

2fdaae294f38ed9a121193c51ec99fecd3b13eb7

Fixed

3507fb8e1a5ad030303c106fef3a47c9fdad16ad

Introduced

869adfc8d5a43efc0d05780ad109106f457f51e4

Fixed

f95447b3d586dc2a1f350ea5294ad32eb9f2b827

Introduced

919fe359160c05bc7f57839184cdca4bb8ea686a

Fixed

bf05b9558c16677e362d231120f8213eb276d406

Affected versions

v1.*

v1.19.0

v1.21.0

v1.21.1

v1.21.2

v1.58.0

v1.58.0-dev

v1.58.1

v1.58.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/istio/istio

Affected ranges

Type: GIT
Repo: https://github.com/istio/istio
Events: Introduced

2ca3e986a683fbdb82dffcd7b2e8d02076a42468

Fixed

7f26a100ece0c6d21c9274cd4de254c8b627edd0

Introduced

3b3ca8ec1632961e355f398f7357ebed9b13aa43

Fixed

a780cd199d51787fab562748696d531e3d11c7a7

Introduced

697f4ff0fe6ee531bbd4f5f2a6b4b1f302c955a8

Fixed

55f2059ce13723b6c40ac73cc085680e90c33adf

Affected versions

1.*

1.18.0

1.18.1

1.19.0

1.21.0

1.21.1

1.21.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/jenkinsci/jenkins

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/jenkins
Events: Introduced

a40ff504cffe4e68d5a58a4c3f13e66ef807f91d

Fixed

2a9197d36dcd544b94ea2b5e2057a6bcb15552fc

Affected versions

Other

builds/24

builds/26

builds/27

builds/28

changes/24

changes/25

changes/26

changes/27

changes/28

jenkins-1.*

jenkins-1.549

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "160369367981837376425211771792483086401",
                "101618438663106186646298048711112475647",
                "242886222244956186828174638259471718995",
                "298934149985755588273261426844349629368"
            ]
        },
        "source": "https://github.com/jenkinsci/jenkins/commit/2a9197d36dcd544b94ea2b5e2057a6bcb15552fc",
        "deprecated": false,
        "id": "CVE-2023-44487-52d02347",
        "signature_type": "Line",
        "target": {
            "file": "core/src/main/java/hudson/PluginWrapper.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "length": 370.0,
            "function_hash": "111592541090635675244417697061068730864"
        },
        "source": "https://github.com/jenkinsci/jenkins/commit/2a9197d36dcd544b94ea2b5e2057a6bcb15552fc",
        "deprecated": false,
        "id": "CVE-2023-44487-e61c2465",
        "signature_type": "Function",
        "target": {
            "function": "getBackupVersion",
            "file": "core/src/main/java/hudson/PluginWrapper.java"
        },
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/kazu-yamamoto/http2

Affected ranges

Type: GIT
Repo: https://github.com/kazu-yamamoto/http2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f61d41a502bd0f60eb24e1ce14edc7b6df6722a1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/linkerd/linkerd2

Affected ranges

Type: GIT
Repo: https://github.com/linkerd/linkerd2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

729abf7f7285c8cbcb7104050c460807a7ddb3ec

Affected versions

edge-18.*

edge-18.10.1

edge-18.10.2

edge-18.10.3

edge-18.10.4

edge-18.11.1

edge-18.11.2

edge-18.11.3

edge-18.12.1

edge-18.12.2

edge-18.12.3

edge-18.12.4

edge-18.9.2

edge-18.9.3

edge-19.*

edge-19.1.1

edge-19.1.2

edge-19.1.3

edge-19.1.4

edge-19.10.1

edge-19.10.2

edge-19.10.3

edge-19.10.4

edge-19.10.5

edge-19.11.1

edge-19.11.2

edge-19.11.3

edge-19.12.1

edge-19.12.2

edge-19.12.3

edge-19.2.1

edge-19.2.2

edge-19.2.3

edge-19.2.4

edge-19.2.5

edge-19.3.1

edge-19.3.2

edge-19.3.3

edge-19.4.1

edge-19.4.2

edge-19.4.3

edge-19.4.4

edge-19.4.5

edge-19.5.1

edge-19.5.2

edge-19.5.3

edge-19.5.4

edge-19.6.1

edge-19.6.13

edge-19.6.2

edge-19.6.3

edge-19.6.4

edge-19.7.1

edge-19.7.2

edge-19.7.3

edge-19.7.4

edge-19.7.5

edge-19.8.1

edge-19.8.2

edge-19.8.3

edge-19.8.4

edge-19.8.5

edge-19.8.6

edge-19.8.7

edge-19.9.1

edge-19.9.2

edge-19.9.3

edge-19.9.4

edge-19.9.5

edge-20.*

edge-20.1.1

edge-20.1.2

edge-20.1.3

edge-20.1.4

edge-20.2.1

edge-20.2.2

edge-20.2.3

edge-20.3.1

edge-20.3.2

edge-20.3.3

edge-20.3.4

edge-20.4.1

edge-20.4.2

edge-20.4.3

edge-20.4.4

edge-20.4.5

edge-20.5.1

edge-20.5.2

edge-20.5.3

edge-20.5.4

edge-20.5.5

edge-20.6.1

edge-20.6.2

edge-20.6.3

edge-20.6.4

edge-20.7.1

edge-20.7.2

edge-20.7.3

edge-20.7.4

edge-20.7.5

stable-2.*

stable-2.0.0

stable-2.1.0

stable-2.2.0

stable-2.3.0

stable-2.4.0

stable-2.5.0

stable-2.6.0

stable-2.7.0

stable-2.8.0

stable-2.8.1

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.2.0

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v18.*

v18.7.1

v18.7.2

v18.7.3

v18.8.1

v18.8.2

v18.8.3

v18.8.4

v18.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/netty/netty

Affected ranges

Type: GIT
Repo: https://github.com/netty/netty
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

58f75f665aa81a8cbcf6ffa74820042a285c5e61

Affected versions

netty-4.*

netty-4.0.0.Alpha1

netty-4.0.0.Alpha2

netty-4.0.0.Alpha3

netty-4.0.0.Alpha4

netty-4.0.0.Alpha5

netty-4.0.0.Alpha6

netty-4.0.0.Alpha7

netty-4.0.0.Alpha8

netty-4.0.0.Beta1

netty-4.0.0.Beta2

netty-4.0.0.Beta3

netty-4.0.0.CR1

netty-4.0.0.CR2

netty-4.0.0.CR3

netty-4.0.0.CR4

netty-4.0.0.CR5

netty-4.0.0.CR7

netty-4.0.0.CR8

netty-4.0.0.CR9

netty-4.0.0.Final

netty-4.0.1.Final

netty-4.0.10.Final

netty-4.0.11.Final

netty-4.0.12.Final

netty-4.0.13.Final

netty-4.0.14.Beta1

netty-4.0.14.Final

netty-4.0.15.Final

netty-4.0.2.Final

netty-4.0.3.Final

netty-4.0.4.Final

netty-4.0.5.Final

netty-4.0.6.Final

netty-4.0.7.Final

netty-4.0.8.Final

netty-4.1.0.Beta1

netty-4.1.0.Beta2

netty-4.1.0.Beta3

netty-4.1.0.Beta4

netty-4.1.0.Beta5

netty-4.1.0.Beta6

netty-4.1.0.Beta7

netty-4.1.0.Beta8

netty-4.1.0.CR1

netty-4.1.0.CR2

netty-4.1.0.CR3

netty-4.1.0.CR4

netty-4.1.0.CR5

netty-4.1.0.CR6

netty-4.1.0.CR7

netty-4.1.0.Final

netty-4.1.1.Final

netty-4.1.10.Final

netty-4.1.11.Final

netty-4.1.12.Final

netty-4.1.13.Final

netty-4.1.14.Final

netty-4.1.15.Final

netty-4.1.16.Final

netty-4.1.17.Final

netty-4.1.18.Final

netty-4.1.19.Final

netty-4.1.2.Final

netty-4.1.20.Final

netty-4.1.21.Final

netty-4.1.22.Final

netty-4.1.23.Final

netty-4.1.24.Final

netty-4.1.25.Final

netty-4.1.26.Final

netty-4.1.27.Final

netty-4.1.28.Final

netty-4.1.29.Final

netty-4.1.3.Final

netty-4.1.30.Final

netty-4.1.31.Final

netty-4.1.32.Final

netty-4.1.33.Final

netty-4.1.34.Final

netty-4.1.35.Final

netty-4.1.36.Final

netty-4.1.37.Final

netty-4.1.38.Final

netty-4.1.39.Final

netty-4.1.4.Final

netty-4.1.40.Final

netty-4.1.41.Final

netty-4.1.42.Final

netty-4.1.43.Final

netty-4.1.44.Final

netty-4.1.45.Final

netty-4.1.46.Final

netty-4.1.47.Final

netty-4.1.48.Final

netty-4.1.49.Final

netty-4.1.5.Final

netty-4.1.50.Final

netty-4.1.51.Final

netty-4.1.52.Final

netty-4.1.53.Final

netty-4.1.54.Final

netty-4.1.55.Final

netty-4.1.56.Final

netty-4.1.57.Final

netty-4.1.58.Final

netty-4.1.59.Final

netty-4.1.6.Final

netty-4.1.60.Final

netty-4.1.61.Final

netty-4.1.62.Final

netty-4.1.63.Final

netty-4.1.64.Final

netty-4.1.65.Final

netty-4.1.66.Final

netty-4.1.67.Final

netty-4.1.68.Final

netty-4.1.69.Final

netty-4.1.7.Final

netty-4.1.70.Final

netty-4.1.71.Final

netty-4.1.72.Final

netty-4.1.73.Final

netty-4.1.74.Final

netty-4.1.75.Final

netty-4.1.76.Final

netty-4.1.77.Final

netty-4.1.78.Final

netty-4.1.79.Final

netty-4.1.8.Final

netty-4.1.80.Final

netty-4.1.81.Final

netty-4.1.82.Final

netty-4.1.83.Final

netty-4.1.84.Final

netty-4.1.85.Final

netty-4.1.86.Final

netty-4.1.87.Final

netty-4.1.88.Final

netty-4.1.89.Final

netty-4.1.9.Final

netty-4.1.90.Final

netty-4.1.91.Final

netty-4.1.92.Final

netty-4.1.93.Final

netty-4.1.94.Final

netty-4.1.95.Final

netty-4.1.96.Final

netty-4.1.97.Final

netty-4.1.98.Final

netty-4.1.99.Final

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "125653841197755015383824085277395303348",
                "90418587286054842174517546781689668578",
                "151242893358356810592204537174328377728",
                "39893465424968585855307447200384440857",
                "255665036340097661680623602812006508047",
                "175832492354488066379649821142738785749",
                "217820127006468297893954384014110769203",
                "45503679288625033659896703612419790998",
                "203678239741338965265560476255201408556",
                "26647441025014002737278366428472284756",
                "214268563287895355931266018920676640314",
                "326725953729396929244827591844043620568",
                "287743702612693595655651666470853231804",
                "280682175060858981970542351060069250410",
                "164882572200281737650816636634160836745",
                "135745700086611110039446803415426203221",
                "184478615219231105271671502653528822815"
            ]
        },
        "source": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
        "deprecated": false,
        "id": "CVE-2023-44487-316dc442",
        "signature_type": "Line",
        "target": {
            "file": "codec-http2/src/main/java/io/netty/handler/codec/http2/AbstractHttp2ConnectionHandlerBuilder.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "16735128250395063398141887077049053742",
                "65294614127459941946307055286129098191",
                "277430768673836084511343809579198895862",
                "103372399134332054939248432284104540540",
                "238798030421717051437763159167025399488",
                "81096357800483170626125468848033922878",
                "153804175243775834163807606123820043951",
                "52521870671296124989521093171926806498",
                "194005468057387631812701794470237768011",
                "333700852061655906066052207224633564228",
                "304845782338742972530716022272444441953",
                "271236924675914146234721144301392245446",
                "78269309098620982866867106289155000969",
                "288885498558228198286238179279824487251",
                "73653074389916922318080804193917209741",
                "125412958094124814796670713864970374852",
                "172435094042166061091601672582797746991",
                "125333170306924586976060012907004280044",
                "338143110237770229409247235671510195847",
                "32438289396276550613948674520925674990",
                "28199600148976914439998831223350748650",
                "320386303651994676700322115949793400166",
                "339173214183602301590023767829271839521",
                "76556667333872069465724770437751404723",
                "9401768708171708196925050928953207314",
                "4688725266895228616458641659678759166",
                "57063629870321924651018731012497520992",
                "154920922165130022281584794232586234094",
                "86042005517765526587370047814600680586",
                "52342039113735602673964372912217535750",
                "329491445113934849905435327340288555755",
                "177185184524246663766121475782238307307",
                "267227223180714821027068557741028826827",
                "66216846262297558993246968303090113125",
                "232634522799228696895558487346169934959",
                "76586462288042028935997856620061239150"
            ]
        },
        "source": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
        "deprecated": false,
        "id": "CVE-2023-44487-396bc60a",
        "signature_type": "Line",
        "target": {
            "file": "codec-http2/src/test/java/io/netty/handler/codec/http2/Http2EmptyDataFrameConnectionDecoderTest.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "length": 513.0,
            "function_hash": "201182205581498582350704174032005350866"
        },
        "source": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
        "deprecated": false,
        "id": "CVE-2023-44487-4dcf71aa",
        "signature_type": "Function",
        "target": {
            "function": "buildFromCodec",
            "file": "codec-http2/src/main/java/io/netty/handler/codec/http2/AbstractHttp2ConnectionHandlerBuilder.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "length": 645.0,
            "function_hash": "75416424745415690959836396218773344287"
        },
        "source": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
        "deprecated": false,
        "id": "CVE-2023-44487-62d37ea7",
        "signature_type": "Function",
        "target": {
            "function": "testDecoration",
            "file": "codec-http2/src/test/java/io/netty/handler/codec/http2/Http2EmptyDataFrameConnectionDecoderTest.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "33134734909587663339818629659976090823",
                "272048144275268619834493568780310487596",
                "224826635466754118933900601091791444299"
            ]
        },
        "source": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
        "deprecated": false,
        "id": "CVE-2023-44487-662b95ca",
        "signature_type": "Line",
        "target": {
            "file": "codec-http2/src/main/java/io/netty/handler/codec/http2/Http2FrameCodecBuilder.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "180662945750400519118145642308779674614",
                "62306042824350136150524994252417120434",
                "188854520484551783617200803370691804218"
            ]
        },
        "source": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
        "deprecated": false,
        "id": "CVE-2023-44487-b2682bbf",
        "signature_type": "Line",
        "target": {
            "file": "codec-http2/src/main/java/io/netty/handler/codec/http2/Http2MultiplexCodecBuilder.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "length": 159.0,
            "function_hash": "223971630053580329111965032198166109919"
        },
        "source": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
        "deprecated": false,
        "id": "CVE-2023-44487-d6d21cf1",
        "signature_type": "Function",
        "target": {
            "function": "testDecorationWithNull",
            "file": "codec-http2/src/test/java/io/netty/handler/codec/http2/Http2EmptyDataFrameConnectionDecoderTest.java"
        },
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/nghttp2/nghttp2

Affected ranges

Type: GIT
Repo: https://github.com/nghttp2/nghttp2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6f41cc72718a1c0fca39e83d9537c1a91efa6d18

Affected versions

v0.*

v0.1.0

v0.2.0

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.7.0

v0.7.1

v0.7.10

v0.7.11

v0.7.12

v0.7.13

v0.7.14

v0.7.15

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.7.8

v0.7.9

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.1.0

v1.1.1

v1.1.2

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.19.0

v1.2.0

v1.2.1

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.28.0

v1.29.0

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.34.0

v1.35.0

v1.36.0

v1.37.0

v1.38.0

v1.39.0

v1.4.0

v1.40.0

v1.41.0

v1.42.0

v1.43.0

v1.44.0

v1.45.0

v1.46.0

v1.47.0

v1.48.0

v1.49.0

v1.5.0

v1.50.0

v1.51.0

v1.52.0

v1.53.0

v1.54.0

v1.55.0

v1.56.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0

v1.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/nginx/nginx

Affected ranges

Type: GIT
Repo: https://github.com/nginx/nginx
Events: Introduced

87c8507f20eb32e757aa3ef2e709f395f577a7f6

Fixed

0f648f687505d46fafa77f2931595bad1fa10ebb

Introduced

ffcf93a6bf0c203c136e9ee9d65b81659ca9f7b6

Fixed

0b65f34ef072c18ed688babe3c36781dda4c717d

Affected versions

release-1.*

release-1.19.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

49a77a5a996a49e8cb728eed42e55a7c1a9eef6e

Fixed

8a01b3dcb7d08a48bfd3e6bf85ef49faa1454839

Introduced

e7618fb5a5fc25d76b6474e2a6607f04fd6f10e0

Fixed

b485ffc458edc7140d43093cd8837a7c1ccc5ab3

Affected versions

v18.*

v18.0.0

v18.1.0

v18.10.0

v18.11.0

v18.12.0

v18.12.1

v18.13.0

v18.14.0

v18.14.1

v18.14.2

v18.15.0

v18.16.0

v18.16.1

v18.17.0

v18.17.1

v18.18.0

v18.18.1

v18.2.0

v18.3.0

v18.4.0

v18.5.0

v18.6.0

v18.7.0

v18.8.0

v18.9.0

v18.9.1

v20.*

v20.0.0

v20.1.0

v20.2.0

v20.3.0

v20.3.1

v20.4.0

v20.5.0

v20.5.1

v20.6.0

v20.6.1

v20.7.0

v20.8.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"

github.com/projectcontour/contour

Affected ranges

Type: GIT
Repo: https://github.com/projectcontour/contour
Events: Introduced

644dddba5ce67673eb3d90dab44d681d32359bb6

Fixed

d78d747c7e1573427a0c03001b26ff4e98b5081a

Introduced

7661e34628380be5dc1658ff6cefae9ace8d96f3

Fixed

59c8f68fc1556251feb1408aa8d617c4d1c2314b

Introduced

889ec61fba3f2c7e6ff0fb5451d38ec5f4905564

Fixed

011857bb6934d36c1695f15aec7752608b1048c4

Affected versions

v1.*

v1.18.0

v1.18.1

v1.18.2

v1.19.0

v1.21.0

v1.21.1

v1.21.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44487.json"