CVE-2018-1000168 : nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Vali

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

Published 2018-05-08 15:29:00

Updated 2022-08-16 13:01:03

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionInput validationDenial of service

Products affected by CVE-2018-1000168

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Nodejs » Node.js » LTS Edition
Versions from including (>=) 8.4.0 and up to, including, (<=) 8.17.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Matching versions
Nodejs » Node.js
Versions from including (>=) 9.0.0 and up to, including, (<=) 9.11.2
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
Matching versions
Nodejs » Node.js »
Versions from including (>=) 10.0.0 and before (<) 10.4.1
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Matching versions
Nodejs » Node.js »
Versions from including (>=) 6.0.0 and up to, including, (<=) 6.8.1
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Matching versions
Nghttp2 » Nghttp2
Versions from including (>=) 1.10.0 and up to, including, (<=) 1.31.0
cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-1000168

EPSS FAQ

6.71%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1000168

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-1000168

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1000168

https://access.redhat.com/errata/RHSA-2019:0367

RHSA-2019:0367 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:0366

RHSA-2019:0366 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/103952

nghttp2 CVE-2018-1000168 Remote Denial of Service Vulnerability
Broken Link;Third Party Advisory;VDB Entry
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

June 2018 Security Releases | Node.js
Release Notes;Third Party Advisory

CVEs referencing this url
https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/

Nghttp2 v1.31.1 - nghttp2.org
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html

[SECURITY] [DLA 2786-1] nghttp2 security update
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-1000168

Products affected by CVE-2018-1000168

Exploit prediction scoring system (EPSS) score for CVE-2018-1000168

CVSS scores for CVE-2018-1000168

CWE ids for CVE-2018-1000168

References for CVE-2018-1000168