CVE-2015-8659 — CRITICAL (10.0)

Q: What is CVE-2015-8659?

CVE-2015-8659 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

Q: How severe is CVE-2015-8659?

CVE-2015-8659 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2015-8659?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Nghttp2 Nghttp2, Apple Iphone Os, Apple Tvos, Apple Watchos.

Vulnerability Description

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

CVSS Score

10.0

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apple	Mac Os X	<= 10.11.3
Nghttp2	Nghttp2	<= 1.5.0
Apple	Iphone Os	<= 9.2.1
Apple	Tvos	<= 9.1
Apple	Watchos	<= 2.1

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2015-8659?

CVE-2015-8659 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

How severe is CVE-2015-8659?

CVE-2015-8659 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-8659?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Nghttp2 Nghttp2, Apple Iphone Os, Apple Tvos, Apple Watchos.