CVE-2016-1544

Published on: 02/06/2020 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:05 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Certain versions of Fedora from Fedoraproject contain the following vulnerability:

nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).

  • CVE-2016-1544 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.
  • Affected Vendor/Software: nghttp2 - nghttp2 version before 1.7.1

CVSS3 Score: 3.3 - LOW

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: LOW

CVSS2 Score: 2.1 - LOW

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVE References

  • Release nghttp2 v1.7.1 · nghttp2/nghttp2 · GitHub
    Tags: Release Notes, Third Party Advisory
    Link: CONFIRM github.com/nghttp2/nghttp2/releases/tag/v1.7.1
  • Comparing v1.7.0...v1.7.1 · nghttp2/nghttp2 · GitHub
    Tags: Release Notes, Third Party Advisory
    Link: CONFIRM github.com/nghttp2/nghttp2/compare/v1.7.0...v1.7.1
  • [SECURITY] Fedora 23 Update: nghttp2-1.7.1-1.fc23
    Tags: Mailing List, Patch, Third Party Advisory
    Link: CONFIRM lists.fedoraproject.org/pipermail/package-announce/2016-February/177308.html
  • [SECURITY] Fedora 22 Update: nghttp2-1.7.1-1.fc22
    Tags: Mailing List, Patch, Third Party Advisory
    Link: CONFIRM lists.fedoraproject.org/pipermail/package-announce/2016-February/177666.html
  • 1308461 – (CVE-2016-1544) CVE-2016-1544 nghttp2: out of memory error due to unlimited incoming HTTP header fields
    Tags: Issue Tracking, Patch, Third Party Advisory
    Link: CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1308461
  • nghttp2: Denial of Service (GLSA 201612-13) — Gentoo security
    Tags: Third Party Advisory
    Link: CONFIRM security.gentoo.org/glsa/201612-13

Related QID Numbers

  • 174904 SUSE Enterprise Linux Security Update for nghttp2 (SUSE-SU-2021:0932-1)

Known Affected Configurations (CPE V2.3)

Type              Vendor         Product  Version  Update  Edition  Language
Operating System  Fedoraproject  Fedora   22       All     All      All
Operating System  Fedoraproject  Fedora   23       All     All      All
Application       Nghttp2        Nghttp2  All      All     All      All

  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*:
  • cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*: