cvelist/2020/11xxx/CVE-2020-11080.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-11080",
        "STATE": "PUBLIC",
        "TITLE": "Denial of service in nghttp2"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "nghttp2",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "< 1.41.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "nghttp2"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-707 Improper Enforcement of Message or Data Structure"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "DEBIAN",
                "name": "DSA-4696",
                "url": "https://www.debian.org/security/2020/dsa-4696"
            },
            {
                "refsource": "SUSE",
                "name": "openSUSE-SU-2020:0802",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2020-f7d15c8b77",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
                "name": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr",
                "refsource": "CONFIRM",
                "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"
            },
            {
                "name": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
                "refsource": "MISC",
                "url": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090"
            },
            {
                "name": "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394",
                "refsource": "MISC",
                "url": "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2020-43d5a372fc",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20211017 [SECURITY] [DLA 2786-1] nghttp2 security update",
                "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
        ]
    },
    "source": {
        "advisory": "GHSA-q5wr-xfw9-q7xr",
        "discovery": "UNKNOWN"
    }
}