| Release | Version |
|---|---|
| buster | 1.36.0-2+deb10u1 |
| bullseye | 1.43.0-1 |
| bookworm | 1.52.0-1 |
| sid | 1.52.0-1 |
| Bug | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-11080 | vulnerable (no DSA) | fixed | fixed | fixed | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ... |
| Bug | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|
| TEMP-0000000-A4EF31 | vulnerable | vulnerable | vulnerable | vulnerable | Null pointer access in inflatehd tool |
| Bug | Description |
|---|---|
| CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentia ... |
| CVE-2019-9511 | Some HTTP/2 implementations are vulnerable to window size manipulation ... |
| CVE-2018-1000168 | nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Imp ... |
| CVE-2016-1544 | nghttp2 before 1.7.1 allows remote attackers to cause a denial of serv ... |
| CVE-2015-8659 | The idle stream handling in nghttp2 before 1.6.0 allows attackers to h ... |
| DSA / DLA | Description |
|---|---|
| DLA-2786-1 | nghttp2 - security update |
| DSA-4511-1 | nghttp2 - security update |