|Category:||Denial of Service|
|Title:||nghttp2 < 1.41.0 DoS Vulnerability|
|Summary:||nghttpd2 is prone to a denial of service vulnerability due to when; receiving an overly large HTTP/2 SETTINGS frame payload.|
nghttpd2 is prone to a denial of service vulnerability due to when
receiving an overly large HTTP/2 SETTINGS frame payload.
The proof of concept attack involves a malicious client constructing a
SETTINGS frame with a length of 14400 bytes (2400 individual settings entries) over and over again. The
attack causes the CPU to spike at 100%.
nghttpd2 versions prior to 1.41.0.
Update to version 1.41.0 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2020-11080|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.