CVE-2020-11080

Home/CVE/In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of

CVE

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability.

There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

LOW · CVSS 3.7 EPSS 0.01247

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules2 YARA rules0

⬡

Weakness Classification

CWE-400Uncontrolled Resource Consumption

CWE-707Improper Neutralization

▤

Affected Products & Versions

nghttp2< 1.41.0
debian linuxall versions
opensuse leapall versions
fedoraproject fedoraall versions
oracle banking extensibility workbenchall versions
oracle blockchain platform< 21.1.2
oracle enterprise communications brokerall versions
oracle graalvmall versions
Show all 18 affected productsoracle mysql>= 7.3.0 and <= 7.3.30
oracle mysql>= 7.4.0 and <= 7.4.29
oracle mysql>= 7.5.0 and <= 7.5.19
oracle mysql>= 7.6.0 and <= 7.6.15
oracle mysql>= 8.0.0 and <= 8.0.21
nodejs node.js>= 10.0.0 and <= 10.12.0
nodejs node.js>= 10.13.0 and < 10.21.0
nodejs node.js>= 12.0.0 and <= 12.12.0
nodejs node.js>= 12.13.0 and < 12.18.0
nodejs node.js>= 14.0.0 and <= 14.4.0

◈

Sigma Hunt Rules

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

producthighOpenCanary - MySQL Login Attempt

producthighUncommon File Creation By Mysql Daemon Process

▣

Scoring & Timeline

3.7

LOW · CVSS v3.1 · security-advisories@github.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD03 Jun 2020 · 11:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

Technical impact

partial

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

suse-csafopenSUSE-SU-2024:11091-1
suse-csafopenSUSE-SU-2024:11096-1
usnUSN-6142-1
suse-csafopenSUSE-SU-2021:0468-1
suse-csafSUSE-SU-2021:0930-1
Show all 30 vendor advisoriessuse-csafSUSE-SU-2021:0931-1
suse-csafSUSE-SU-2021:0932-1
suse-csafSUSE-SU-2020:2800-1
msrcCVE-2020-11080
suse-csafopenSUSE-SU-2020:0802-1
suse-csafSUSE-SU-2020:1606-1
suse-csafSUSE-SU-2020:1568-1
suse-csafSUSE-SU-2020:1575-1
suse-csafSUSE-SU-2020:1576-1
rhsaRHSA-2020:2895Important
rhsaRHSA-2020:2852Important
rhsaRHSA-2020:2850Important
rhsaRHSA-2020:2784Important
rhsaRHSA-2020:2848Important
rhsaRHSA-2020:2849Important
rhsaRHSA-2020:2847Important
rhsaRHSA-2020:2646Important
rhsaRHSA-2020:2823Important
rhsaRHSA-2020:2644Important
rhsaRHSA-2020:2523Important
rhsaRHSA-2020:2524Important
rhsaRHSA-2020:2755Important
rhsaRHSA-2020:3042Important
rhsaRHSA-2020:3084Important
cisa-csafcisa-csaf-csaf_files-OT-white-2022-icsa-22-090-02

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.htmlMailing ListThird Party Advisory

https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090PatchThird Party Advisory

https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394PatchThird Party Advisory

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xrPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/10/msg00011.htmlMailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html

Show all 14 references

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/

https://www.debian.org/security/2020/dsa-4696Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.htmlNot ApplicableThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin