CVE-2018-16843

CWE-400Uncontrolled Resource Consumption12 documents9 sources
Severity
7.5HIGH
EPSS
55.5%
top 1.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple XcodeF5 Nginx[unknown] Nginx+3 more
Timeline
PublishedNov 7
Latest updateMay 13

Description

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDf5/nginx< 1.14.1+1
Debiannginx< 1.14.1-1+3
Ubuntunginx< 1.4.6-1ubuntu3.9+2
CVEListV5[unknown]/nginx1.14.1, 1.15.6+1
NVDapple/xcode< 13.0

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

4
GHSA
GHSA-4p62-4q7w-qmcg: nginx before versions 12022-05-13
OSV
nginx vulnerabilities2018-11-07
OSV
CVE-2018-16843: nginx before versions 12018-11-07
CVEList
CVE-2018-16843: nginx before versions 12018-11-07

📋Vendor Advisories

4
Apple
CVE-2018-16843: Xcode 132021-09-20
Ubuntu
nginx vulnerabilities2018-11-07
Red Hat
nginx: Excessive memory consumption via flaw in HTTP/2 implementation2018-11-06
Debian
CVE-2018-16843: nginx - nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementatio...2018

💬Community

3
Bugzilla
CVE-2018-16843 nginx: Excessive memory consumption via flaw in HTTP/2 implementation [fedora-all]2018-11-07
Bugzilla
CVE-2018-16843 nginx: Excessive memory consumption via flaw in HTTP/2 implementation [epel-all]2018-11-07
Bugzilla
CVE-2018-16843 nginx: Excessive memory consumption via flaw in HTTP/2 implementation2018-10-31