CVE-2018-1000168 - OpenCVE

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Nodejs	Node.js
Nghttp2	Nghttp2

Configuration 1 [-]

cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js::::::::
	cpe:2.3:a:nodejs:node.js:::::-:::*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/103952	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:0366	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0367	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html	Mailing List Third Party Advisory
https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/	Vendor Advisory
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/	Release Notes Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-08T15:00:00

Updated: 2021-10-17T07:06:17

Reserved: 2018-04-09T00:00:00

Link: CVE-2018-1000168

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-05-08T15:29:00.207

Modified: 2022-08-16T13:01:03.207

Link: CVE-2018-1000168

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-04-30T00:00:00", "datePublic": "2018-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-17T07:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2019:0367", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0367"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"}, {"name": "103952", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103952"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/"}, {"name": "RHSA-2019:0366", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0366"}, {"name": "[debian-lts-announce] 20211017 [SECURITY] [DLA 2786-1] nghttp2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-04-30T20:15:49.358836", "DATE_REQUESTED": "2018-04-09T10:52:35", "ID": "CVE-2018-1000168", "REQUESTER": "tatsuhiro.t@gmail.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2019:0367", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0367"}, {"name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"}, {"name": "103952", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103952"}, {"name": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/", "refsource": "CONFIRM", "url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/"}, {"name": "RHSA-2019:0366", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0366"}, {"name": "[debian-lts-announce] 20211017 [SECURITY] [DLA 2786-1] nghttp2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000168", "datePublished": "2018-05-08T15:00:00", "dateReserved": "2018-04-09T00:00:00", "dateUpdated": "2021-10-17T07:06:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*", "matchCriteriaId": "D406D06D-CFAA-4CBA-AD46-81855AB98930", "versionEndIncluding": "1.31.0", "versionStartIncluding": "1.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4", "versionEndIncluding": "6.8.1", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "2D68FAF3-F5F9-4141-B10F-AB99D620F617", "versionEndIncluding": "8.17.0", "versionStartIncluding": "8.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "45DB38F2-B756-42E0-81D9-4F1AC0798F40", "versionEndIncluding": "9.11.2", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "6F40337E-4705-46D3-9731-A3B3A9303A74", "versionEndExcluding": "10.4.1", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1."}, {"lang": "es", "value": "nghttp2 hasta la versi\u00f3n 1.10.0 y nghttp2 en versiones 1.31.0 y anteriores contienen una vulnerabilidad de validaci\u00f3n incorrecta de entradas (CWE-20) en la gesti\u00f3n de tramas ALTSVC que puede resultar en un fallo de segmentaci\u00f3n, lo que provoca una denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable mediante un cliente de red. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.31.1 y posteriores."}], "id": "CVE-2018-1000168", "lastModified": "2022-08-16T13:01:03.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-08T15:29:00.207", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103952"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0366"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0367"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}