FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4bb56d2f-a5b0-11ea-a860-08002728f74cnghttp2 -- DoS vulnerability

nghttp2 security advisories:

The overly large HTTP/2 SETTINGS frame payload causes denial of service.

The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%.


Discovery 2020-06-02
Entry 2020-06-03
nghttp2
libnghttp2
lt 1.41.0

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
CVE-2020-11080