Lucene search
RedHatRHSA-2024:4576HistoryJul 16, 2024 - 3:30 p.m.
(RHSA-2024:4576) Moderate: nghttp2 security update
2024-07-1615:30:14
access.redhat.com
9
rhsa-2024 nghttp2 library security unix_protocol cve-2024-28182 dos.
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
5.7
Confidence
High
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.
Security Fix(es):
- nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | i686 | libnghttp2 | < 1.33.0-3.el8_2.3 | libnghttp2-1.33.0-3.el8_2.3.i686.rpm |
| RedHat | 8 | i686 | nghttp2-debugsource | < 1.33.0-3.el8_2.3 | nghttp2-debugsource-1.33.0-3.el8_2.3.i686.rpm |
| RedHat | 8 | x86_64 | libnghttp2-debuginfo | < 1.33.0-3.el8_2.3 | libnghttp2-debuginfo-1.33.0-3.el8_2.3.x86_64.rpm |
| RedHat | 8 | x86_64 | nghttp2-debugsource | < 1.33.0-3.el8_2.3 | nghttp2-debugsource-1.33.0-3.el8_2.3.x86_64.rpm |
| RedHat | 8 | i686 | nghttp2-debuginfo | < 1.33.0-3.el8_2.3 | nghttp2-debuginfo-1.33.0-3.el8_2.3.i686.rpm |
| RedHat | 8 | x86_64 | libnghttp2 | < 1.33.0-3.el8_2.3 | libnghttp2-1.33.0-3.el8_2.3.x86_64.rpm |
| RedHat | 8 | i686 | libnghttp2-debuginfo | < 1.33.0-3.el8_2.3 | libnghttp2-debuginfo-1.33.0-3.el8_2.3.i686.rpm |
| RedHat | 8 | x86_64 | nghttp2-debuginfo | < 1.33.0-3.el8_2.3 | nghttp2-debuginfo-1.33.0-3.el8_2.3.x86_64.rpm |
Related
osv
osv
Moderate: nghttp2 security update
2024-05-30 00:00:00
nghttp2 - security update
2024-04-30 00:00:00
CGA-3396-g349-3rv6
2024-06-06 12:21:45
cbl_mariner
cbl_mariner
CVE-2024-28182 affecting package nodejs for versions less than 20.14.0-1
2024-06-21 09:32:44
CVE-2024-28182 affecting package rust for versions less than 1.68.0-1
2024-09-19 09:11:58
CVE-2024-28182 affecting package nghttp2 for versions less than 1.61.0-1
2024-08-14 20:43:58
mageia
mageia
Updated nghttp2 packages fix security vulnerability
2024-04-17 05:13:57
openvas
openvas
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-2144)
2024-08-20 00:00:00
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-2332)
2024-09-03 00:00:00
nghttp2 < 1.61.0 HTTP/2 Protocol DoS Vulnerability
2024-04-08 00:00:00
veracode
veracode
Denial Of Service (DoS)
2024-04-05 10:02:12
nessus
nessus
RHEL 9 : nghttp2 (RHSA-2024:3875)
2024-06-13 00:00:00
EulerOS 2.0 SP9 : nghttp2 (EulerOS-SA-2024-1968)
2024-07-16 00:00:00
cvelist
cvelist
debiancve
debiancve
CVE-2024-28182
2024-04-04 15:15:38
cve
cve
CVE-2024-28182
2024-04-04 15:15:38
vulnrichment
vulnrichment
cgr
cgr
CVE-2024-28182 vulnerabilities
2024-05-19 03:07:16
redhat
redhat
(RHSA-2024:3763) Moderate: nghttp2 security update
2024-06-10 14:09:03
(RHSA-2024:4252) Moderate: nghttp2 security update
2024-07-02 13:56:39
(RHSA-2024:3665) Moderate: nghttp2 security update
2024-06-06 08:15:03
redhatcve
redhatcve
CVE-2024-28182
2024-04-03 19:27:34
fedora
fedora
[SECURITY] Fedora 39 Update: nghttp2-1.55.1-5.fc39
2024-04-20 01:03:28
[SECURITY] Fedora 40 Update: nghttp2-1.59.0-3.fc40
2024-04-19 21:41:43
[SECURITY] Fedora 38 Update: nghttp2-1.52.0-3.fc38
2024-04-20 02:14:40
almalinux
almalinux
Moderate: nghttp2 security update
2024-07-02 00:00:00
Moderate: nghttp2 security update
2024-05-30 00:00:00
Important: nodejs:20 security update
2024-05-15 00:00:00
oraclelinux
oraclelinux
nghttp2 security update
2024-06-20 00:00:00
nghttp2 security update
2024-07-02 00:00:00
nodejs security update
2024-05-22 00:00:00
amazon
amazon
Important: nghttp2
2024-04-24 22:15:00
Important: nghttp2
2024-05-09 17:43:00
debian
debian
[SECURITY] [DLA 3804-1] nghttp2 security update
2024-04-30 21:29:26
ubuntucve
ubuntucve
CVE-2024-28182
2024-04-04 00:00:00
nvd
nvd
CVE-2024-28182
2024-04-04 15:15:38
redos
redos
ROS-20240507-08
2024-05-07 00:00:00
wolfi
wolfi
CVE-2024-28182 vulnerabilities
2024-09-19 09:11:50
f5
f5
K000139225: nghttp2 vulnerability CVE-2024-28182
2024-04-10 00:00:00
alpinelinux
alpinelinux
CVE-2024-28182
2024-04-04 15:15:38
ibm
ibm
slackware
slackware
[slackware-security] nghttp2
2024-04-04 19:17:04
rocky
rocky
nghttp2 security update
2024-06-14 14:00:33
nodejs:18 security update
2024-05-09 18:51:51
nodejs:18 security update
2024-05-09 18:50:42
gentoo
gentoo
nghttp2: Multiple Vulnerabilities
2024-08-07 00:00:00
ubuntu
ubuntu
nghttp2 vulnerabilities
2024-04-25 00:00:00
nghttp2 vulnerability
2024-05-07 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0242
2024-04-10 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0591
2024-04-11 00:00:00
githubexploit
githubexploit
arista
arista
Security Advisory 0094
2024-04-03 00:00:00
cert
cert
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2024-04-03 00:00:00
thn
thn
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
2024-04-04 11:15:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
5.7
Confidence
High
Related for RHSA-2024:4576