CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1544
https://notcve.org/view.php?id=CVE-2016-1544
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). nghttp2 versiones anteriores a 1.7.1, permite a atacantes remotos causar una denegación de servicio (agotamiento de la memoria). • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177308.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177666.html https://bugzilla.redhat.com/show_bug.cgi?id=1308461 https://github.com/nghttp2/nghttp2/compare/v1.7.0...v1.7.1 https://github.com/nghttp2/nghttp2/releases/tag/v1.7.1 https://security.gentoo.org/glsa/201612-13 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2015-8659
https://notcve.org/view.php?id=CVE-2015-8659
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. El manejo de flujo de datos en reposo en nghttp2 en versiones anteriores a 1.6.0 permite atacantes tener un impacto no especificado a través de vectores desconocidos, también conocido como error de uso después de liberación de memoria dinámica. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html http://www.openwall.com/lists/oss-security/2015&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •