CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Nodejs: >> Node.js >> 10.4.0 Security Vulnerabilities

CVE-2018-1000168

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

CVSS Score

7.5

EPSS Score

0.036

Published

2018-05-08

Page 5

Vulnerabilities

Vulnerable Software

Nodejs: >> Node.js >> 10.4.0 Security Vulnerabilities

Products

Pricing

Contact Us