oss-sec mailing list archives
Use after free in nghttp2
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 23 Dec 2015 17:59:17 +0100
https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/ Quote from release announcement: "This release fixes heap-use-after-free bug in idle stream handling code. We strongly recommend to upgrade the older installation to this latest version as soon as possible." Given nghttp2 is used for many (most?) http2 deployments and these become more and more common I think this is rather serious. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Use after free in nghttp2 Hanno Böck (Dec 23)
- Re: Use after free in nghttp2 cve-assign (Dec 23)