admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 18:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2018/CVE-2018-16843.md

23 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2018-16843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843)
![](https://img.shields.io/static/v1?label=Product&message=nginx&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400&color=brighgreen)
### Description
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
### POC
#### Reference
- http://seclists.org/fulldisclosure/2021/Sep/36
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ConstantaNF/RPM
- https://github.com/Dekkert/dz6_soft_distribution
- https://github.com/adastraaero/OTUS_LinuxProf
- https://github.com/anitazhaochen/anitazhaochen.github.io
- https://github.com/flyniu666/ingress-nginx-0.21-1.19.5
Reference in New Issue Copy Permalink