oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Use after free in nghttp2

From: Hanno Böck <hanno () hboeck de>
Date: Wed, 23 Dec 2015 17:59:17 +0100
https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/

Quote from release announcement:
"This release fixes heap-use-after-free bug in idle stream handling
code. We strongly recommend to upgrade the older installation to this
latest version as soon as possible."

Given nghttp2 is used for many (most?) http2 deployments and these
become more and more common I think this is rather serious.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: _bin
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: