Opened 2 years ago
Closed 2 years ago
New point version
Set the right version
This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack.
Fix CVE-2019-9511 and CVE-2019-9513
Add nghttp2_option_set_max_outbound_ack API function
nghttpx: Fix request stall
Fixed at r21966
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2021 Gerard Beekmans.