CVE-2018-16843

HIGH

nginx <1.15.6, 1.14.1 - Memory Corruption

Title source: llm

Description

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Exploits (1)

nomisec WORKING POC

by flyniu666 · poc

https://github.com/flyniu666/ingress-nginx-0.21-1.19.5

View Code ZIP pw:eip

References (12)

Core 12

Core References

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4335

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3680

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3681

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105868

Mailing List, Vendor Advisory x_refsource_misc

http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1042038

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3653

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3812-1/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html

Third Party Advisory x_refsource_confirm

https://support.apple.com/kb/HT212818

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2021/Sep/36

Scores

CVSS v3 7.5

EPSS 0.5554

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (8)

apple/xcode < 13.0

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 18.10

debian/debian_linux 9.0

f5/nginx 1.9.5 - 1.14.1

opensuse/leap 15.1

Published Nov 07, 2018

Tracked Since Feb 18, 2026