CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000168

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.067

EPSS Ranking 90.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2018-1000168

Nghttp2 » Nghttp2 » Version: 1.10.0

cpe:2.3:a:nghttp2:nghttp2:1.10.0
Nghttp2 » Nghttp2 » Version: 1.11.0

cpe:2.3:a:nghttp2:nghttp2:1.11.0
Nghttp2 » Nghttp2 » Version: 1.11.1

cpe:2.3:a:nghttp2:nghttp2:1.11.1
Nghttp2 » Nghttp2 » Version: 1.12.0

cpe:2.3:a:nghttp2:nghttp2:1.12.0
Nghttp2 » Nghttp2 » Version: 1.13.0

cpe:2.3:a:nghttp2:nghttp2:1.13.0
Nghttp2 » Nghttp2 » Version: 1.14.0

cpe:2.3:a:nghttp2:nghttp2:1.14.0
Nghttp2 » Nghttp2 » Version: 1.14.1

cpe:2.3:a:nghttp2:nghttp2:1.14.1
Nghttp2 » Nghttp2 » Version: 1.15.0

cpe:2.3:a:nghttp2:nghttp2:1.15.0
Nghttp2 » Nghttp2 » Version: 1.16.0

cpe:2.3:a:nghttp2:nghttp2:1.16.0
Nghttp2 » Nghttp2 » Version: 1.16.1

cpe:2.3:a:nghttp2:nghttp2:1.16.1
Nghttp2 » Nghttp2 » Version: 1.17.0

cpe:2.3:a:nghttp2:nghttp2:1.17.0
Nghttp2 » Nghttp2 » Version: 1.18.0

cpe:2.3:a:nghttp2:nghttp2:1.18.0
Nghttp2 » Nghttp2 » Version: 1.18.1

cpe:2.3:a:nghttp2:nghttp2:1.18.1
Nghttp2 » Nghttp2 » Version: 1.19.0

cpe:2.3:a:nghttp2:nghttp2:1.19.0
Nghttp2 » Nghttp2 » Version: 1.20.0

cpe:2.3:a:nghttp2:nghttp2:1.20.0
Nghttp2 » Nghttp2 » Version: 1.21.0

cpe:2.3:a:nghttp2:nghttp2:1.21.0
Nghttp2 » Nghttp2 » Version: 1.21.1

cpe:2.3:a:nghttp2:nghttp2:1.21.1
Nghttp2 » Nghttp2 » Version: 1.22.0

cpe:2.3:a:nghttp2:nghttp2:1.22.0
Nghttp2 » Nghttp2 » Version: 1.23.0

cpe:2.3:a:nghttp2:nghttp2:1.23.0
Nghttp2 » Nghttp2 » Version: 1.23.1

cpe:2.3:a:nghttp2:nghttp2:1.23.1
Nghttp2 » Nghttp2 » Version: 1.24.0

cpe:2.3:a:nghttp2:nghttp2:1.24.0
Nghttp2 » Nghttp2 » Version: 1.25.0

cpe:2.3:a:nghttp2:nghttp2:1.25.0
Nghttp2 » Nghttp2 » Version: 1.26.0

cpe:2.3:a:nghttp2:nghttp2:1.26.0
Nghttp2 » Nghttp2 » Version: 1.27.0

cpe:2.3:a:nghttp2:nghttp2:1.27.0
Nghttp2 » Nghttp2 » Version: 1.28.0

cpe:2.3:a:nghttp2:nghttp2:1.28.0
Nghttp2 » Nghttp2 » Version: 1.29.0

cpe:2.3:a:nghttp2:nghttp2:1.29.0
Nghttp2 » Nghttp2 » Version: 1.30.0

cpe:2.3:a:nghttp2:nghttp2:1.30.0
Nghttp2 » Nghttp2 » Version: 1.31.0

cpe:2.3:a:nghttp2:nghttp2:1.31.0
Nodejs » Node.js » Version: 10.0.0

cpe:2.3:a:nodejs:node.js:10.0.0
Nodejs » Node.js » Version: 10.1.0

cpe:2.3:a:nodejs:node.js:10.1.0
Nodejs » Node.js » Version: 10.2.0

cpe:2.3:a:nodejs:node.js:10.2.0
Nodejs » Node.js » Version: 10.2.1

cpe:2.3:a:nodejs:node.js:10.2.1
Nodejs » Node.js » Version: 10.3.0

cpe:2.3:a:nodejs:node.js:10.3.0
Nodejs » Node.js » Version: 10.4.0

cpe:2.3:a:nodejs:node.js:10.4.0
Nodejs » Node.js » Version: 6.0.0

cpe:2.3:a:nodejs:node.js:6.0.0
Nodejs » Node.js » Version: 6.1.0

cpe:2.3:a:nodejs:node.js:6.1.0
Nodejs » Node.js » Version: 6.2.0

cpe:2.3:a:nodejs:node.js:6.2.0
Nodejs » Node.js » Version: 6.2.1

cpe:2.3:a:nodejs:node.js:6.2.1
Nodejs » Node.js » Version: 6.2.2

cpe:2.3:a:nodejs:node.js:6.2.2
Nodejs » Node.js » Version: 6.3.0

cpe:2.3:a:nodejs:node.js:6.3.0
Nodejs » Node.js » Version: 6.3.1

cpe:2.3:a:nodejs:node.js:6.3.1
Nodejs » Node.js » Version: 6.4.0

cpe:2.3:a:nodejs:node.js:6.4.0
Nodejs » Node.js » Version: 6.5.0

cpe:2.3:a:nodejs:node.js:6.5.0
Nodejs » Node.js » Version: 6.6.0

cpe:2.3:a:nodejs:node.js:6.6.0
Nodejs » Node.js » Version: 6.7.0

cpe:2.3:a:nodejs:node.js:6.7.0
Nodejs » Node.js » Version: 6.8.0

cpe:2.3:a:nodejs:node.js:6.8.0
Nodejs » Node.js » Version: 6.8.1

cpe:2.3:a:nodejs:node.js:6.8.1
Nodejs » Node.js » Version: 8.10.0

cpe:2.3:a:nodejs:node.js:8.10.0
Nodejs » Node.js » Version: 8.11.0

cpe:2.3:a:nodejs:node.js:8.11.0
Nodejs » Node.js » Version: 8.11.1

cpe:2.3:a:nodejs:node.js:8.11.1
Nodejs » Node.js » Version: 8.11.2

cpe:2.3:a:nodejs:node.js:8.11.2
Nodejs » Node.js » Version: 8.11.3

cpe:2.3:a:nodejs:node.js:8.11.3
Nodejs » Node.js » Version: 8.11.4

cpe:2.3:a:nodejs:node.js:8.11.4
Nodejs » Node.js » Version: 8.12.0

cpe:2.3:a:nodejs:node.js:8.12.0
Nodejs » Node.js » Version: 8.13.0

cpe:2.3:a:nodejs:node.js:8.13.0
Nodejs » Node.js » Version: 8.14.0

cpe:2.3:a:nodejs:node.js:8.14.0
Nodejs » Node.js » Version: 8.14.1

cpe:2.3:a:nodejs:node.js:8.14.1
Nodejs » Node.js » Version: 8.15.0

cpe:2.3:a:nodejs:node.js:8.15.0
Nodejs » Node.js » Version: 8.15.1

cpe:2.3:a:nodejs:node.js:8.15.1
Nodejs » Node.js » Version: 8.16.0

cpe:2.3:a:nodejs:node.js:8.16.0
Nodejs » Node.js » Version: 8.16.1

cpe:2.3:a:nodejs:node.js:8.16.1
Nodejs » Node.js » Version: 8.16.2

cpe:2.3:a:nodejs:node.js:8.16.2
Nodejs » Node.js » Version: 8.17.0

cpe:2.3:a:nodejs:node.js:8.17.0
Nodejs » Node.js » Version: 8.4.0

cpe:2.3:a:nodejs:node.js:8.4.0
Nodejs » Node.js » Version: 8.5.0

cpe:2.3:a:nodejs:node.js:8.5.0
Nodejs » Node.js » Version: 8.6.0

cpe:2.3:a:nodejs:node.js:8.6.0
Nodejs » Node.js » Version: 8.7.0

cpe:2.3:a:nodejs:node.js:8.7.0
Nodejs » Node.js » Version: 8.8.0

cpe:2.3:a:nodejs:node.js:8.8.0
Nodejs » Node.js » Version: 8.8.1

cpe:2.3:a:nodejs:node.js:8.8.1
Nodejs » Node.js » Version: 8.9.0

cpe:2.3:a:nodejs:node.js:8.9.0
Nodejs » Node.js » Version: 8.9.1

cpe:2.3:a:nodejs:node.js:8.9.1
Nodejs » Node.js » Version: 8.9.2

cpe:2.3:a:nodejs:node.js:8.9.2
Nodejs » Node.js » Version: 8.9.3

cpe:2.3:a:nodejs:node.js:8.9.3
Nodejs » Node.js » Version: 8.9.4

cpe:2.3:a:nodejs:node.js:8.9.4
Nodejs » Node.js » Version: 9.0.0

cpe:2.3:a:nodejs:node.js:9.0.0
Nodejs » Node.js » Version: 9.1.0

cpe:2.3:a:nodejs:node.js:9.1.0
Nodejs » Node.js » Version: 9.10.0

cpe:2.3:a:nodejs:node.js:9.10.0
Nodejs » Node.js » Version: 9.10.1

cpe:2.3:a:nodejs:node.js:9.10.1
Nodejs » Node.js » Version: 9.11.0

cpe:2.3:a:nodejs:node.js:9.11.0
Nodejs » Node.js » Version: 9.11.1

cpe:2.3:a:nodejs:node.js:9.11.1
Nodejs » Node.js » Version: 9.11.2

cpe:2.3:a:nodejs:node.js:9.11.2
Nodejs » Node.js » Version: 9.2.0

cpe:2.3:a:nodejs:node.js:9.2.0
Nodejs » Node.js » Version: 9.2.1

cpe:2.3:a:nodejs:node.js:9.2.1
Nodejs » Node.js » Version: 9.3.0

cpe:2.3:a:nodejs:node.js:9.3.0
Nodejs » Node.js » Version: 9.4.0

cpe:2.3:a:nodejs:node.js:9.4.0
Nodejs » Node.js » Version: 9.5.0

cpe:2.3:a:nodejs:node.js:9.5.0
Nodejs » Node.js » Version: 9.6.0

cpe:2.3:a:nodejs:node.js:9.6.0
Nodejs » Node.js » Version: 9.6.1

cpe:2.3:a:nodejs:node.js:9.6.1
Nodejs » Node.js » Version: 9.7.0

cpe:2.3:a:nodejs:node.js:9.7.0
Nodejs » Node.js » Version: 9.7.1

cpe:2.3:a:nodejs:node.js:9.7.1
Nodejs » Node.js » Version: 9.8.0

cpe:2.3:a:nodejs:node.js:9.8.0
Nodejs » Node.js » Version: 9.9.0

cpe:2.3:a:nodejs:node.js:9.9.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000168

Products

Pricing

Contact Us