Main Vulnerability Database Vulnerabilities #VU11858

NULL pointer dereference in nghttp2 - CVE-2018-1000168

Published: April 17, 2018

Vulnerability identifier: #VU11858

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1000168

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: nghttp2

Affected software:
nghttp2

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to improper bounds checking. If an alternative services (ALTSVC) frame is too large, the pointer field that points to the ALTSVC frame payload is left NULL. A remote attacker can submit a large ALTSVC frame, trigger a NULL pointer dereference and cause the service to crash.

How to mitigate CVE-2018-1000168

Update to version 1.31.1.

Sources

https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/

NULL pointer dereference in nghttp2 - CVE-2018-1000168

Detailed vulnerability description

How to mitigate CVE-2018-1000168

Sources

Please verify you're human