A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service.

References

bugzilla.redhat.com/show_bug.cgi?id=1844929

github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr

nvd.nist.gov/vuln/detail/CVE-2020-11080

www.cve.org/CVERecord?id=CVE-2020-11080

nessus 51

alpinelinux 1

ubuntu 1

openvas 22

mageia 1

redhat 19

cbl_mariner 1

osv 13

prion 1

ubuntucve 1

cvelist 1

rocky 3

ibm 18

suse 2

cve 1

fedora 2

almalinux 3

freebsd 2

veracode 1

amazon 2

debiancve 1

nvd 1

debian 3

photon 12

oraclelinux 4

altlinux 2

ics 1

nodejsblog 1

hp 1

oracle 4

nessus

Fedora 31 : nghttp2 (2020-f7d15c8b77)

2020-06-18 00:00:00

EulerOS Virtualization for ARM 64 3.0.6.0 : nghttp2 (EulerOS-SA-2020-1911)

2020-08-28 00:00:00

SUSE SLED15 / SLES15 Security Update : nghttp2 (SUSE-SU-2021:0930-1)

2021-03-26 00:00:00

alpinelinux

CVE-2020-11080

2020-06-03 23:15:11

ubuntu

nghttp2 vulnerability

2023-06-06 00:00:00

openvas

Fedora: Security Advisory for nghttp2 (FEDORA-2020-f7d15c8b77)

2020-06-23 00:00:00

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2020-1815)

2020-07-31 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:0931-1)

2021-04-19 00:00:00

mageia

Updated nghttp2 packages fix security vulnerability

2020-06-11 02:59:36

redhat

(RHSA-2020:2524) Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-proxy security update

2020-06-11 06:52:38

(RHSA-2020:2523) Important: Red Hat OpenShift Service Mesh 1.1.2 servicemesh-proxy security update

2020-06-11 06:38:11

(RHSA-2020:2850) Important: nghttp2 security update

2020-07-07 08:51:42

cbl_mariner

CVE-2020-11080 affecting package nghttp2 1.33.0-3

2020-11-30 19:30:42

osv

Important: nghttp2 security update

2020-06-25 16:31:29

nghttp2 vulnerability

2023-06-06 08:20:51

BIT-node-2020-11080

2024-03-06 11:08:52

prion

Security feature bypass

2020-06-03 23:15:00

ubuntucve

CVE-2020-11080

2020-06-03 00:00:00

cvelist

CVE-2020-11080 Denial of service in nghttp2

2020-06-03 00:00:00

rocky

nghttp2 security update

2020-06-25 16:31:29

nodejs:10 security update

2020-07-07 08:51:24

nodejs:12 security update

2020-07-07 08:52:35

ibm

Security Bulletin: API Connect is impacted by a denial of service (DoS) vulnerability in Node.js (CVE-2020-11080)

2021-02-02 13:19:54

Security Bulletin: IBM Cloud Pak for Integration is affected by multiple Node.js vulnerabilities

2020-08-04 09:50:19

Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)

2022-03-23 22:07:22

suse

Security update for nghttp2 (important)

2021-03-25 00:00:00

Security update for nodejs8 (critical)

2020-06-13 00:00:00

cve

CVE-2020-11080

2020-06-03 23:15:11

fedora

[SECURITY] Fedora 31 Update: nghttp2-1.41.0-1.fc31

2020-06-18 01:01:53

[SECURITY] Fedora 33 Update: nodejs-14.15.1-1.fc33

2020-12-13 02:10:30

almalinux

Important: nghttp2 security update

2020-06-25 16:31:29

Important: nodejs:10 security update

2020-07-07 08:51:24

Important: nodejs:12 security update

2020-07-07 08:52:35

freebsd

nghttp2 -- DoS vulnerability

2020-06-02 00:00:00

Node.js -- June 2020 Security Releases

2020-06-02 00:00:00

veracode

Denial Of Service (DoS)

2020-06-05 03:23:12

amazon

Important: nghttp2

2020-06-26 22:54:00

Important: nghttp2

2020-07-27 23:18:00

debiancve

CVE-2020-11080

2020-06-03 23:15:11

nvd

CVE-2020-11080

2020-06-03 23:15:11

debian

[SECURITY] [DLA 2786-1] nghttp2 security update

2021-10-17 06:03:02

[SECURITY] [DLA 3621-1] nghttp2 security update

2023-10-16 14:26:59

[SECURITY] [DSA 4696-1] nodejs security update

2020-06-06 11:06:13

photon

Critical Photon OS Security Update - PHSA-2020-0105

2020-06-24 00:00:00

Critical Photon OS Security Update - PHSA-2020-3.0-0105

2020-06-24 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0304

2020-06-26 00:00:00

oraclelinux

nghttp2 security update

2020-07-06 00:00:00

nodejs:10 security update

2020-07-14 00:00:00

nodejs:12 security update

2020-07-14 00:00:00

altlinux

Security fix for the ALT Linux 9 package node version 14.4.0-alt1

2020-06-19 00:00:00

Security fix for the ALT Linux 10 package node version 14.4.0-alt1

2020-06-19 00:00:00

ics

Hitachi Energy e-mesh EMS

2022-03-31 12:00:00

nodejsblog

June 2020 Security Releases

2020-06-02 00:00:00

HP ThinPro 8.0 SP 7 Security Updates

2024-01-26 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for RH:CVE-2020-11080