Main Vulnerability Database Vulnerabilities #VU11858

#VU11858 NULL pointer dereference in nghttp2 - CVE-2018-1000168

Published: April 17, 2018

Vulnerability identifier: #VU11858

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1000168

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
nghttp2

Software vendor:
nghttp2

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to improper bounds checking. If an alternative services (ALTSVC) frame is too large, the pointer field that points to the ALTSVC frame payload is left NULL. A remote attacker can submit a large ALTSVC frame, trigger a NULL pointer dereference and cause the service to crash.

Remediation

Update to version 1.31.1.

External links

https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/