6 matches found
JLSEC-2026-1 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of se...
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...
CLSA-2022-1649696332 Fix of CVE: CVE-2021-3618
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commmands...
CLSA-2022-1649695783 Fixed CVE-2021-3618 in nginx
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commmands...
CLSA-2022-1649695737 Fix CVE(s): CVE-2021-3618
SECURITY UPDATE: Vulnerability against application layer protocol content confusion attack - debian/patches/CVE-2021-3618.patch: Drop the connection after reaching the specified number of invalid protocol commmands - CVE-2021-3618...
CLSA-2022-1649695619 Fix of CVE: CVE-2021-3618
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commmands...
ALPINE-CVE-2020-11080
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...