ByteOS Network

NVD Vulnerability Details :

CVE-2015-8659

Deferred

Source-cve@mitre.org

Published At-12 Jan, 2016 | 19:59

Updated At-12 Apr, 2025 | 10:46

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	10.0	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Apple Inc.

>>mac_os_x>>Versions up to 10.11.3(inclusive)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

nghttp2>>nghttp2>>Versions up to 1.5.0(inclusive)

cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions up to 9.2.1(inclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>tvos>>Versions up to 9.1(inclusive)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Apple Inc.

>>watchos>>Versions up to 2.1(inclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	cve@mitre.org	N/A
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	cve@mitre.org	N/A
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	cve@mitre.org	N/A
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	cve@mitre.org	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html	cve@mitre.org	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html	cve@mitre.org	N/A
http://www.openwall.com/lists/oss-security/2015/12/23/10	cve@mitre.org	N/A
http://www.openwall.com/lists/oss-security/2015/12/23/6	cve@mitre.org	N/A
http://www.securitytracker.com/id/1035353	cve@mitre.org	N/A
https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/	cve@mitre.org	Patch Vendor Advisory
https://security.gentoo.org/glsa/201612-06	cve@mitre.org	N/A
https://support.apple.com/HT206166	cve@mitre.org	Vendor Advisory
https://support.apple.com/HT206167	cve@mitre.org	Vendor Advisory
https://support.apple.com/HT206168	cve@mitre.org	Vendor Advisory
https://support.apple.com/HT206169	cve@mitre.org	Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.openwall.com/lists/oss-security/2015/12/23/10	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.openwall.com/lists/oss-security/2015/12/23/6	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1035353	af854a3a-2127-422b-91ae-364da2661108	N/A
https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://security.gentoo.org/glsa/201612-06	af854a3a-2127-422b-91ae-364da2661108	N/A
https://support.apple.com/HT206166	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/HT206167	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/HT206168	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://support.apple.com/HT206169	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History