FreeBSD : nghttp2 -- Out of memory in nghttpd, nghttp, and libnghttp2_asio (07718e2b-d29d-11e5-a95f-b499baebfeaf)
High Nessus Plugin ID 88729
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionNghttp2 reports :
Out of memory in nghttpd, nghttp, and libnghttp2_asio applications due to unlimited incoming HTTP header fields.
nghttpd, nghttp, and libnghttp2_asio applications do not limit the memory usage for the incoming HTTP header field. If peer sends specially crafted HTTP/2 HEADERS frames and CONTINUATION frames, they will crash with out of memory error.
Note that libnghttp2 itself is not affected by this vulnerability.
SolutionUpdate the affected package.