CVE-2016-1544
LOWnghttp2 < 1.7.1 - Denial of Service via Memory Exhaustion
Title source: llmDescription
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
References (6)
Core 6
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/nghttp2/nghttp2/releases/tag/v1.7.1
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/nghttp2/nghttp2/compare/v1.7.0...v1.7.1
Mailing List, Patch, Third Party Advisory x_refsource_confirm
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177666.html
Mailing List, Patch, Third Party Advisory x_refsource_confirm
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177308.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1308461
Third Party Advisory x_refsource_confirm
https://security.gentoo.org/glsa/201612-13
Scores
CVSS v3
3.3
EPSS
0.0089
EPSS Percentile
54.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-400
Status
published
Products (3)
fedoraproject/fedora
22
fedoraproject/fedora
23
nghttp2/nghttp2
< 1.7.1
Published
Feb 06, 2020
Tracked Since
Feb 18, 2026