Lucene search
RedHatRHSA-2023:5768HistoryOct 17, 2023 - 8:51 a.m.
(RHSA-2023:5768) Important: nghttp2 security update
2023-10-1708:51:22
access.redhat.com
101
nghttp2
security update
ddos attack
http/2
cve-2023-44487
red hat
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.816
Percentile
98.4%
nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | i686 | libnghttp2-debuginfo | < 1.33.0-4.el8_4.1 | libnghttp2-debuginfo-1.33.0-4.el8_4.1.i686.rpm |
| RedHat | 8 | ppc64le | nghttp2-debugsource | < 1.33.0-4.el8_4.1 | nghttp2-debugsource-1.33.0-4.el8_4.1.ppc64le.rpm |
| RedHat | 8 | x86_64 | nghttp2-debugsource | < 1.33.0-4.el8_4.1 | nghttp2-debugsource-1.33.0-4.el8_4.1.x86_64.rpm |
| RedHat | 8 | i686 | nghttp2-debuginfo | < 1.33.0-4.el8_4.1 | nghttp2-debuginfo-1.33.0-4.el8_4.1.i686.rpm |
| RedHat | 8 | i686 | nghttp2-debugsource | < 1.33.0-4.el8_4.1 | nghttp2-debugsource-1.33.0-4.el8_4.1.i686.rpm |
| RedHat | 8 | i686 | libnghttp2 | < 1.33.0-4.el8_4.1 | libnghttp2-1.33.0-4.el8_4.1.i686.rpm |
| RedHat | 8 | x86_64 | libnghttp2 | < 1.33.0-4.el8_4.1 | libnghttp2-1.33.0-4.el8_4.1.x86_64.rpm |
| RedHat | 8 | ppc64le | nghttp2-debuginfo | < 1.33.0-4.el8_4.1 | nghttp2-debuginfo-1.33.0-4.el8_4.1.ppc64le.rpm |
| RedHat | 8 | ppc64le | libnghttp2 | < 1.33.0-4.el8_4.1 | libnghttp2-1.33.0-4.el8_4.1.ppc64le.rpm |
| RedHat | 8 | x86_64 | nghttp2-debuginfo | < 1.33.0-4.el8_4.1 | nghttp2-debuginfo-1.33.0-4.el8_4.1.x86_64.rpm |
Related
cbl_mariner
cbl_mariner
CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5
2024-02-09 19:07:07
CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5
2024-02-09 19:07:07
CVE-2023-44487 affecting package terraform for versions less than 1.3.2-11
2024-02-09 19:07:07
ibm
ibm
redhat
redhat
(RHSA-2023:7334) Important: rh-varnish6-varnish security update
2023-11-16 14:38:00
(RHSA-2023:5716) Important: Red Hat Data Grid 8.4.5 security update
2023-10-16 14:21:45
(RHSA-2023:5769) Important: nghttp2 security update
2023-10-17 08:52:38
redos
redos
ROS-20231107-01
2023-11-07 00:00:00
atlassian
atlassian
nessus
nessus
Cisco Prime Infrastructure DoS (cisco-sa-http2-reset-d8Kf32vZ)
2023-11-23 00:00:00
RHCOS 4 : OpenShift Container Platform 4.13.23 (RHSA-2023:7325)
2024-01-24 00:00:00
Fortinet Fortigate (FG-IR-23-397)
2024-02-08 00:00:00
oraclelinux
oraclelinux
.NET 7.0 security update
2023-10-18 00:00:00
osv
osv
BIT-nginx-ingress-controller-2023-44487
2024-07-26 07:28:26
BIT-envoy-2023-44487
2024-03-06 10:52:27
BIT-contour-2023-44487
2024-03-06 10:50:58
debian
debian
[SECURITY] [DLA 3617-2] tomcat9 regression update
2023-10-16 22:23:23
[SECURITY] [DLA 3638-1] h2o security update
2023-10-31 14:09:23
openvas
openvas
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1092)
2024-01-09 00:00:00
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1365)
2024-03-14 00:00:00
openSUSE: Security Advisory for netty, netty (SUSE-SU-2023:4163-1)
2024-03-04 00:00:00
almalinux
almalinux
Important: dotnet6.0 security update
2023-10-16 00:00:00
Important: nghttp2 security update
2023-10-18 00:00:00
Important: varnish security update
2023-10-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-10-12 14:37:40
rocky
rocky
nodejs security update
2023-10-24 18:36:46
varnish security update
2023-10-24 18:36:42
varnish security update
2023-10-24 18:35:47
fedora
fedora
[SECURITY] Fedora 38 Update: fbthrift-2023.10.16.00-1.fc38
2023-10-24 01:23:49
[SECURITY] Fedora 38 Update: wangle-2023.10.16.00-1.fc38
2023-10-24 01:23:49
[SECURITY] Fedora 39 Update: proxygen-2023.10.16.00-1.fc39
2023-11-03 19:01:54
github
github
HTTP/2 Stream Cancellation Attack
2023-10-10 21:28:24
amazon
amazon
Important: nghttp2
2023-10-16 13:45:00
Important: nghttp2
2023-10-16 13:45:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-12-11 23:12:03
msrc
msrc
freebsd
freebsd
h2o -- HTTP/2 Rapid Reset attack vulnerability
2023-10-10 00:00:00
broadcom
broadcom
HTTP2 Rapid Reset Vulnerability (CVE-2023-44487)
2023-10-17 00:00:00
prion
prion
Design/Logic Flaw
2023-10-10 14:15:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.816
Percentile
98.4%
Related for RHSA-2023:5768