FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2015-8659

This CVE name corresponds to:

Entered Topic
2016-01-29 nghttp2 -- use after free

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2015-8659
Phase Assigned(20151223)

Description

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

References

Source Reference
MLIST [oss-security] 20151223 Re: Use after free in nghttp2
MLIST [oss-security] 20151223 Use after free in nghttp2
CONFIRM https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/
CONFIRM https://support.apple.com/HT206166
CONFIRM https://support.apple.com/HT206167
CONFIRM https://support.apple.com/HT206168
CONFIRM https://support.apple.com/HT206169
APPLE APPLE-SA-2016-03-21-1
APPLE APPLE-SA-2016-03-21-2
APPLE APPLE-SA-2016-03-21-3
APPLE APPLE-SA-2016-03-21-5
FEDORA FEDORA-2016-54f85ec6e8