En

nginx官网安全更新(2019-03-01)

来源:nginx官网 发布日期:2019-03-01 阅读次数:217 评论:0

基本信息

发布日期:2019-03-01(官方当地时间)

更新类型:安全更新

更新版本:未知

感知时间:2019-12-05 19:42:02

风险等级:低危

情报贡献:TSRC

更新标题

Excessive memory usage in HTTP/2 with zero length headers

更新详情

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

软件描述

Nginx (engine x) 是一个高性能的HTTP和反向代理web服务器,同时也提供了IMAP/POP3/SMTP服务

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入