Published by tatsuhiro-t about 8 years ago
Published by tatsuhiro-t over 8 years ago
CVE-2016-1544: Out of memory in nghttpd, nghttp, and libnghttp2_asio applications due
to unlimited incoming HTTP header fields.

nghttpd, nghttp, and libnghttp2_asio applications do not limit the
memory used for incoming HTTP header fields. If a peer sends
specially crafted HTTP/2 HEADERS frames and CONTINUATION frames, they
will crash with an out-of-memory error.
HTTP/2 uses HPACK to compress header fields. The basic idea is that
an HTTP header field is stored in the receiver under a numeric index
number. The memory used by this storage is tightly constrained; it
is 4KiB by default. When the sender sends the same header field again,
it sends only the corresponding numeric index number, which is usually
1 or 2 bytes. This means that once the sender has made the receiver
store a relatively large header field (e.g., 4KiB), it can send
specially crafted HEADERS/CONTINUATION frames that contain a lot of
references to the stored header field, and so effectively deliver lots
of big header fields to the receiver quite easily. nghttpd, nghttp, and
libnghttp2_asio applications do not limit the memory usage for
received header fields, so if the peer performs the procedure
described above, they will crash due to out of memory.
Note that libnghttp2 itself is not affected by this vulnerability.
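
The missing accounting described above can be seen in a small receiver-side model. This is an added example, not code from nghttp2 or from the advisory; the 64KiB per-request cap, the 4016-byte stored field, and all names (`decode_block`, `run_scenario`, `REFS`) are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed model, not nghttp2 code. Index 62 is the first HPACK
   dynamic-table slot (the static table ends at 61, RFC 7541). */
#define DYN_INDEX 62
#define REFS 1000 /* constructed: references in one header block */

typedef struct { size_t namelen, valuelen; } entry_t;
/* wire_bytes: consumed from HEADERS/CONTINUATION; decoded_bytes: buffered */
typedef struct { size_t wire_bytes, decoded_bytes; int rejected; } result_t;

/* Decode a block of 1-byte indexed fields (RFC 7541 6.1, pattern 1xxxxxxx).
   limit == 0 models the unlimited behaviour the advisory describes;
   a nonzero limit is a per-request budget (assumed policy). */
result_t decode_block(const uint8_t *buf, size_t len, entry_t dyn, size_t limit)
{
    result_t r = {0, 0, 0};
    for (size_t i = 0; i < len; i++) {
        r.wire_bytes++;
        if ((buf[i] & 0x80) == 0 || (buf[i] & 0x7f) != DYN_INDEX)
            continue; /* other representations are outside this model */
        size_t field = dyn.namelen + dyn.valuelen;
        if (limit && r.decoded_bytes + field > limit) {
            r.rejected = 1; /* caller should reset the stream here */
            return r;
        }
        r.decoded_bytes += field;
    }
    return r;
}

/* Constructed input: REFS references to one stored 4016-byte field. */
result_t run_scenario(size_t limit)
{
    static uint8_t block[REFS];
    entry_t stored = {16, 4000}; /* 4016 + 32 overhead fits the 4KiB table */
    memset(block, 0x80 | DYN_INDEX, sizeof block);
    return decode_block(block, sizeof block, stored, limit);
}

int main(void)
{
    result_t a = run_scenario(0), b = run_scenario(65536);
    printf("%zu wire bytes -> %zu decoded without a cap; with a 64KiB cap: "
           "%zu decoded, rejected=%d\n",
           a.wire_bytes, a.decoded_bytes, b.decoded_bytes, b.rejected);
    return 0;
}
```

The 4KiB HPACK table bound holds in both runs; what differs is whether the application counts the expanded name and value bytes it buffers per request.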
To fix this issue, install nghttp2 v1.7.1.
It was first reported to the nghttp2 team on February 3, 2016.
nghttp2 v1.7.1 was released on February 11, 2016.
Reported by Noam Mazor. Fixed by the nghttp2 team.
Thank you to all who were involved.
Published by tatsuhiro-t almost 9 years ago
Published by tatsuhiro-t about 9 years ago
typeof
and replace __builtin_offsetof
with offsetof
stream->weight
even if stream->last_writelen
is 0
--daemon
(Patch from Tomasz Buchert)
--accept-proxy-protocol
option)
--with-mruby
configure option to enable it)