Allele Security Alert
ASA-2018-00030
Identifier(s)
ASA-2018-00030, CVE-2018-16843
Title
Excessive memory consumption
Vendor(s)
NGINX, Inc
Product(s)
nginx
Affected version(s)
nginx 1.9.5 – 1.15.5
Fixed version(s)
nginx 1.15.6, 1.14.1
Proof of concept
Unknown
Description
One security issue was identified in nginx HTTP/2 implementation, which might cause excessive memory consumption.
The issue affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the “http2” option of the “listen” directive is used in a configuration file.
Technical details
Unknown
Credits
Gal Goldshtein (F5 Networks)
Reference(s)
[nginx-announce] nginx security advisory (CVE-2018-16843, CVE-2018-16844)
https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
nginx security advisories
https://nginx.org/en/security_advisories.html
CVE-2018-16843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843
CVE-2018-16843
https://nvd.nist.gov/vuln/detail/CVE-2018-16843
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 6, 2019