Information on source package nghttp2

Available versions

ReleaseVersion
jessie0.6.4-2+deb8u1
stretch1.18.1-1+deb9u4
stretch (security)1.18.1-1+deb9u2
buster1.36.0-2+deb10u3
bullseye1.43.0-1+deb11u1
bullseye (security)1.43.0-1+deb11u2
bookworm1.52.0-1+deb12u1
trixie1.64.0-1
sid1.64.0-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-28182vulnerablefixedfixedfixedvulnerable (no DSA)fixedfixednghttp2 is an implementation of the Hypertext Transfer Protocol versio ...
CVE-2023-44487vulnerablefixedfixedfixedfixedfixedfixedThe HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2016-1544vulnerable (no DSA)fixedfixedfixedfixedfixedfixednghttp2 before 1.7.1 allows remote attackers to cause a denial of serv ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
TEMP-0000000-A4EF31vulnerablefixedfixedfixedfixedfixedfixedNull pointer access in inflatehd tool

Resolved issues

BugDescription
CVE-2020-11080In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...
CVE-2019-9513Some HTTP/2 implementations are vulnerable to resource loops, potentia ...
CVE-2019-9511Some HTTP/2 implementations are vulnerable to window size manipulation ...
CVE-2018-1000168nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper ...
CVE-2015-8659The idle stream handling in nghttp2 before 1.6.0 allows attackers to h ...

Security announcements

DSA / DLADescription
DLA-3898-1nghttp2 - security update
ELA-1104-1nghttp2 - security update
DLA-3804-1nghttp2 - security update
DSA-5570-1nghttp2 - security update
DLA-3621-1nghttp2 - security update
ELA-984-1nghttp2 - security update
DLA-2786-1nghttp2 - security update
ELA-490-1nghttp2 - security update
DSA-4511-1nghttp2 - security update

Search for package or bug name: Reporting problems