VDB
GCVE-110-MAGEIA-2020-256
GCVE-110-MAGEIA-2020-256
Advisory Published
nghttp2 has been updated to version 1.41.0 to fix CVE-2020-11080.
The overly large HTTP/2 SETTINGS frame payload causes denial of service.
The proof of concept attack involves a malicious client constructing a
SETTINGS frame with a length of 14,400 bytes (2400 individual settings
entries) over and over again. The attack causes the CPU to spike at 100%.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | nghttp2 | 0 (affected), 1.41.0-1.mga7 (unaffected) | — |
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.