Nghttp2 安全漏洞

CNNVD-ID编号	CNNVD-202006-293
CVE编号	CVE-2020-11080
发布时间	2020-06-03
更新时间	2021-01-20
漏洞类型	其他
漏洞来源	N/A
危险等级	高危
威胁类型	远程
厂商	N/A

漏洞介绍

Nghttp2是一个用于实现HTTP/2的C库。

Nghttp2 1.41.0之前版本中存在安全漏洞。攻击者可借助恶意的客户端构建14,400字节长度的SETTINGS帧利用该漏洞造成拒绝服务。

漏洞补丁

目前厂商已发布升级了Nghttp2 安全漏洞的补丁，Nghttp2 安全漏洞的补丁获取链接：

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr

参考网址

来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
来源:http2

链接：http2/commit/f8da73bd042f810f34d19f9eae02b46d870af394
来源:http2

链接：http2/ng
来源:MISC

链接：https://github.com/ng
来源:DEBIAN

链接：https://www.debian.org/security/2020/dsa-4696
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
来源:http2

链接：http2/commit/336a98feb0d56b9ac54e12736b18785c27f75090
来源:http2

链接：http2/security/advisories/GHSA-q5wr-xfw9-q7xr
来源:MISC

链接：https://www.oracle.com/security-alerts/cpujul2020.html
来源:MISC

链接：https://www.oracle.com/security-alerts/cpuoct2020.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1982/
来源:www.oracle.com

链接：https://www.oracle.com/security-alerts/cpujul2020.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158798/Red-Hat-Security-Advisory-2020-3372-01.html
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2020-11080
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158268/Red-Hat-Security-Advisory-2020-2784-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-multiple-node-js-vulnerabilities-cve-2020-11080-cve-2020-10531-cve-2020-8172-cve-2020-8174/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2204.2/
来源:http2-denial-of-service-via-Large-SETTINGS-Frames-32622

链接：http2-denial-of-service-via-Large-SETTINGS-Frames-32622
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/ng
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2045/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js/
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Node-Core-three-vulnerabilities-32395
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2162/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2372/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158168/Red-Hat-Security-Advisory-2020-2646-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-affected-by-multiple-node-js-vulnerabilities/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2863/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-is-affected-by-multiple-node-js-vulnerabilities/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2308/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158507/Red-Hat-Security-Advisory-2020-3084-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158398/Red-Hat-Security-Advisory-2020-2895-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158046/Red-Hat-Security-Advisory-2020-2524-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-cloud-native-event-analytics-is-affected-by-a-international-components-for-unicode-icu-for-c-c-vulnerability-cve-2020-10531/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2020-10531-cve-2020-8172-cve-2020-8174-cve-2020-11080/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158926/Red-Hat-Security-Advisory-2020-3525-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics-workspace/
来源:www.oracle.com

链接：https://www.oracle.com/security-alerts/cpujan2021.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158327/Red-Hat-Security-Advisory-2020-2823-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-version-10-19-0-of-node-js-included-in-ibm-netcool-operations-insight-1-6-0-x-has-several-security-vulnerabilities/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158346/Red-Hat-Security-Advisory-2020-2852-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159095/Red-Hat-Security-Advisory-2020-3578-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158224/Red-Hat-Security-Advisory-2020-2755-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2593/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2488/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2321/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2020-8172-cve-2020-8174-cve-2020-11080/
来源:www.oracle.com

链接：https://www.oracle.com/security-alerts/cpuoct2020.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-control-cve-2020-8172-cve-2020-8174-cve-2020-11080/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2204/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-v11/
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/48072
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2713/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3081/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202006-293