How severe is CVE-2020-11080?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-11080?

This is classified as CWE-707, which is a common weakness in software security.

CVE-2020-11080

HIGH Year: 2020

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-707

View all →

Vulnerability Description

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

CVE-2019-10052

HIGH

CVSS:7.5(High)

An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a pan...

CWE-7072019

CVE-2022-3495

HIGH

CVSS:7.2(High)

A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of th...

CWE-7072022

CVE-2022-3967

HIGH

CVSS:7.8(High)

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to ar...

CWE-7072022

CVE-2022-4052

HIGH

CVSS:7.2(High)

A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the arg...

CWE-7072022

CVE-2022-4278

HIGH

CVSS:7.2(High)

A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipu...

CWE-7072022

CVE-2022-4282

HIGH

CVSS:7.2(High)

A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. T...

CWE-7072022

CVE-2020-11080

Vulnerability Description

Related Vulnerabilities

CVE-2019-10052

CVE-2022-3495

CVE-2022-3967

CVE-2022-4052

CVE-2022-4278

CVE-2022-4282