1090 matches found
PT-2026-41538
A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...
[SECURITY] [DSA 6266-1] nghttp2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6266-1 [email protected] https://www.debian.org/security/ Aron Xu May 14, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
Debian dsa-6266 : libnghttp2-14 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6266 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6266-1 [email protected] https://www.debian.org/security/...
[SECURITY] [DLA 4581-1] nghttp2 security update
Debian LTS Advisory DLA-4581-1 [email protected] https://www.debian.org/lts/security/ Lukas Märdian May 13, 2026 https://wiki.debian.org/LTS Package : nghttp2 Version : 1.43.0-1+deb11u3 CVE ID : CVE-2026-27135 Debian Bug : 1131369 A vulnerabilitie was discovered in nghttp2, a server,...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.64 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.64 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.65 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Debian dla-4581 : libnghttp2-14 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4581 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4581-1 [email protected] https://www.debian.org/lts/security/...
CVE-2026-8119
A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogssbistreamfindbyid in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used...
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of libnghttp2-sys (CVE-2025-7207, CVE-2025-12875)
Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.90.0.0 uses the libnghttp2-sys-0.1.11+1.64.0 crate, which wraps a vulnerable version 1.64 of the nghttp2 library. Vulnerability Details CVEID:CVE-2025-12875 DESCRIPTION: A weakness has been identified in mruby 3.4.0...
CVE-2026-8119
CVE-2026-8119 affects Open5GS up to 2.7.7, specifically the NSSF path. The vulnerable element is the function ogs_sbi_stream_find_by_id in the file /lib/sbi/nghttp2-server.c of the NSSF component. A manipulation leads to a denial of service . The vulnerability requires a local attacker (attack ve...
CVE-2026-8119 Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service
A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogssbistreamfindbyid in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used...
CVE-2026-8119 Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service
A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogssbistreamfindbyid in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used...
PT-2026-38603
Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A flaw in the NSSF component allows a local attacker to cause a denial of service through manipulation of the ogs sbi stream find by id function within the /lib/sbi/nghttp2-server.c library...
CLSA-2026-1778148827 nghttp2: Fix of CVE-2023-35945
CVE-2023-35945: fix memory leak in nghttp2sessionmemsendinternal when onstreamclosecallback returns a fatal error during send-failure handling...
CLSA-2026-1778129164 nghttp2: Fix of 2 CVEs
CVE-2023-35945: fix memory leak on RSTSTREAM followed by GOAWAY - CVE-2026-27135: fix iframe state validation to prevent assertion failure...
USN-8233-2 nghttp2 vulnerability
USN-8233-1 fixed a vulnerability in nghttp2. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : nghttp2 vulnerability (USN-8233-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8233-1 advisory. Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session...
Important: Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images
Updated RHEL-8 based Middleware Containers container images are now available The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:11077 RHSA-2026:7667 RHSA-2026:8534 RHSA-2026:9745 see References Security Fixes: rsync:...
USN-8233-1: nghttp2 vulnerability
Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service...
USN-8233-1 nghttp2 vulnerability
Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service...