Wind River Support Network

HomeDefectsLIN1023-2302
Fixed

LIN1023-2302 : Security Advisory - nghttp2 - CVE-2023-44487

Created: Oct 11, 2023    Updated: Mar 26, 2024
Resolved Date: Feb 25, 2024
Found In Version: 10.23.30.1
Fix Version: 10.23.30.7
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVEs

  • Linkedin
  • Facebook
  • Twitter
  • Youtube