Debian/nghttp2 — 15 CVEs

MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update

from 0, < 1.43.0-1+deb11u1

MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update

from 0, < 1.43.0-1+deb11u1

CRITICAL10.0The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free…

from 0, < 1.6.0-1

HIGH7.5nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C.

from 0, < 1.43.0-1+deb11u3

HIGH7.5nodejs - security update

from 0, < 1.36.0-2+deb10u2

HIGH7.5nodejs - security update

from 0, < 1.41.0-1

HIGH7.5Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service.

from 0, < 1.39.2-1

HIGH7.5nghttp2 - security update

from 0, < 1.39.2-1

HIGH7.5nghttp2 - security update

from 0, < 1.18.1-1+deb9u1

HIGH7.5nghttp2 - security update

from 0, < 1.18.1-1+deb9u2

HIGH7.5nghttp2 - security update

from 0, < 1.31.1-1

MEDIUM5.3nghttp2 - security update

from 0, < 1.36.0-2+deb10u3

MEDIUM5.3nghttp2 - security update

from 0, < 1.43.0-1+deb11u2

MEDIUM5.3nghttp2 - security update

from 0, < 1.43.0-1+deb11u2

LOW3.3nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).

from 0, < 1.7.1-1

pkg:Debian/nghttp2

✅ Check your installed version

All known vulnerabilities