Release | Version |
---|---|
jessie | 0.6.4-2+deb8u1 |
stretch | 1.18.1-1+deb9u4 |
stretch (security) | 1.18.1-1+deb9u2 |
buster | 1.36.0-2+deb10u3 |
bullseye | 1.43.0-1+deb11u1 |
bullseye (security) | 1.43.0-1+deb11u2 |
bookworm | 1.52.0-1+deb12u1 |
trixie | 1.64.0-1 |
sid | 1.64.0-1 |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2024-28182 | vulnerable | fixed | fixed | fixed | vulnerable (no DSA) | fixed | fixed | nghttp2 is an implementation of the Hypertext Transfer Protocol versio ... |
CVE-2023-44487 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | The HTTP/2 protocol allows a denial of service (server resource consum ... |
CVE-2016-1544 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | nghttp2 before 1.7.1 allows remote attackers to cause a denial of serv ... |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
TEMP-0000000-A4EF31 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Null pointer access in inflatehd tool |
Bug | Description |
---|---|
CVE-2020-11080 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ... |
CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentia ... |
CVE-2019-9511 | Some HTTP/2 implementations are vulnerable to window size manipulation ... |
CVE-2018-1000168 | nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper ... |
CVE-2015-8659 | The idle stream handling in nghttp2 before 1.6.0 allows attackers to h ... |
DSA / DLA | Description |
---|---|
DLA-3898-1 | nghttp2 - security update |
ELA-1104-1 | nghttp2 - security update |
DLA-3804-1 | nghttp2 - security update |
DSA-5570-1 | nghttp2 - security update |
DLA-3621-1 | nghttp2 - security update |
ELA-984-1 | nghttp2 - security update |
DLA-2786-1 | nghttp2 - security update |
ELA-490-1 | nghttp2 - security update |
DSA-4511-1 | nghttp2 - security update |