CVE-2020-11080
Denial of service in nghttp2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
En nghttp2 versiones anteriores a 1.41.0, la carga útil de la trama HTTP/2 SETTINGS demasiado grande causa una denegación de servicio. El ataque de prueba de concepto involucra a un cliente malicioso que construye una trama SETTINGS con una longitud de 14,400 bytes (2400 entradas de configuraciones individuales) una y otra vez. El ataque causa que la CPU se aumente al 100%. nghttp2 versión v1.41.0 corrige esta vulnerabilidad. Existe una solución alternativa a esta vulnerabilidad. Implemente la función nghttp2_on_frame_recv_callback callback, y si la trama es recibida es la trama SETTINGS y el número de entradas de configuración es grande (por ejemplo, mayor a 32), luego desconecte la conexión
A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-30 CVE Reserved
- 2020-06-03 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-707: Improper Neutralization
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html | Mailing List |
|
| https://www.oracle.com//security-alerts/cpujul2021.html | Not Applicable |
|
| https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nghttp2 Search vendor "Nghttp2" | Nghttp2 Search vendor "Nghttp2" for product "Nghttp2" | < 1.41.0 Search vendor "Nghttp2" for product "Nghttp2" and version " < 1.41.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Extensibility Workbench Search vendor "Oracle" for product "Banking Extensibility Workbench" | 14.3.0 Search vendor "Oracle" for product "Banking Extensibility Workbench" and version "14.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Extensibility Workbench Search vendor "Oracle" for product "Banking Extensibility Workbench" | 14.4.0 Search vendor "Oracle" for product "Banking Extensibility Workbench" and version "14.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Blockchain Platform Search vendor "Oracle" for product "Blockchain Platform" | < 21.1.2 Search vendor "Oracle" for product "Blockchain Platform" and version " < 21.1.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.1.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.2.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 19.3.2 Search vendor "Oracle" for product "Graalvm" and version "19.3.2" | enterprise |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 20.1.0 Search vendor "Oracle" for product "Graalvm" and version "20.1.0" | enterprise |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 7.3.0 <= 7.3.30 Search vendor "Oracle" for product "Mysql" and version " >= 7.3.0 <= 7.3.30" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 7.4.0 <= 7.4.29 Search vendor "Oracle" for product "Mysql" and version " >= 7.4.0 <= 7.4.29" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 7.5.0 <= 7.5.19 Search vendor "Oracle" for product "Mysql" and version " >= 7.5.0 <= 7.5.19" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 7.6.0 <= 7.6.15 Search vendor "Oracle" for product "Mysql" and version " >= 7.6.0 <= 7.6.15" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 8.0.0 <= 8.0.21 Search vendor "Oracle" for product "Mysql" and version " >= 8.0.0 <= 8.0.21" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 10.0.0 <= 10.12.0 Search vendor "Nodejs" for product "Node.js" and version " >= 10.0.0 <= 10.12.0" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 10.13.0 < 10.21.0 Search vendor "Nodejs" for product "Node.js" and version " >= 10.13.0 < 10.21.0" | lts |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 12.0.0 <= 12.12.0 Search vendor "Nodejs" for product "Node.js" and version " >= 12.0.0 <= 12.12.0" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 12.13.0 < 12.18.0 Search vendor "Nodejs" for product "Node.js" and version " >= 12.13.0 < 12.18.0" | lts |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 14.0.0 <= 14.4.0 Search vendor "Nodejs" for product "Node.js" and version " >= 14.0.0 <= 14.4.0" | - |
Affected
| ||||||