VDB

GCVE-110-MAGEIA-2020-256

GCVE-110-MAGEIA-2020-256
Advisory Published
Vulnetix · Advisory published June 10, 2020
nghttp2 has been updated to version 1.41.0 to fix CVE-2020-11080. The overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%.

Affected Products

VendorProductVersionsPlatforms
Mageianghttp20 (affected), 1.41.0-1.mga7 (unaffected)

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›