0.6.6

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-44487	Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco CWE-400	7.5
2023-07-13	CVE-2023-35945	Incomplete Cleanup vulnerability in multiple products Envoy is a cloud-native high-performance edge/middle/service proxy. network low complexity envoyproxy nghttp2 CWE-459	7.5
2020-06-03	CVE-2020-11080	Improper Enforcement of Message or Data Structure vulnerability in multiple products In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. network low complexity nghttp2 debian opensuse fedoraproject oracle nodejs CWE-707	7.5
2020-02-06	CVE-2016-1544	Resource Exhaustion vulnerability in multiple products nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). local low complexity nghttp2 fedoraproject CWE-400	2.1
2016-01-12	CVE-2015-8659	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. network low complexity apple nghttp2 CWE-119 critical	10.0