{"id":"UBUNTU-CVE-2023-44487","details":"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.","modified":"2026-04-22T14:13:37.260939Z","published":"2023-10-10T00:00:00Z","related":["USN-6427-1","USN-6427-2","USN-6438-1","USN-6505-1","USN-6574-1","USN-6754-1","USN-6994-1","USN-7067-1","USN-7410-1","USN-7469-1","USN-7469-2","USN-7469-3","USN-7469-4","USN-7892-1"],"upstream":["CVE-2023-44487"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-44487"},{"type":"REPORT","url":"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"},{"type":"REPORT","url":"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"},{"type":"REPORT","url":"https://www.mail-archive.com/haproxy@formilux.org/msg44134.html"},{"type":"REPORT","url":"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"},{"type":"REPORT","url":"https://my.f5.com/manage/s/article/K000137106"},{"type":"REPORT","url":"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"},{"type":"REPORT","url":"https://www.mail-archive.com/haproxy@formilux.org/msg44134.html"},{"type":"REPORT","url":"https://devblogs.microsoft.com/dotnet/october-2023-updates/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6427-1"},{"type":"REPORT","url":"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"},{"type":"REPORT","url":"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6427-2"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6438-1"},{"type":"REPORT","url":"https://nodejs.org/en/blog/vulnerability/october-2023-security-releases"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6505-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6574-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-44487"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6754-1"},{"type":"REPORT","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6994-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7067-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7410-1"},{"type":"REPORT","url":"https://tomcat.apache.org/security-8.html"},{"type":"REPORT","url":"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7469-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7469-2"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7469-3"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7469-4"},{"type":"REPORT","url":"https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released"},{"type":"REPORT","url":"https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7892-1"}],"affected":[{"package":{"name":"nghttp2","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/nghttp2@1.7.1-1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.1-1ubuntu0.1~esm2"}]}],"versions":["0.6.7-1","1.3.4-2","1.4.0-1","1.4.0-2","1.5.0-2","1.6.0-1","1.7.0-1","1.7.1-1","1.7.1-1ubuntu0.1~esm1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libnghttp2-14","binary_version":"1.7.1-1ubuntu0.1~esm2"},{"binary_name":"nghttp2","binary_version":"1.7.1-1ubuntu0.1~esm2"},{"binary_name":"nghttp2-client","binary_version":"1.7.1-1ubuntu0.1~esm2"},{"binary_name":"nghttp2-proxy","binary_version":"1.7.1-1ubuntu0.1~esm2"},{"binary_name":"nghttp2-server","binary_version":"1.7.1-1ubuntu0.1~esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"haproxy","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/haproxy@1.8.8-1ubuntu0.13+esm3?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.8-1ubuntu0.13+esm3"}]}],"versions":["1.7.9-1ubuntu1","1.7.9-1ubuntu2","1.8.4-1","1.8.7-1","1.8.8-1","1.8.8-1ubuntu0.1","1.8.8-1ubuntu0.2","1.8.8-1ubuntu0.3","1.8.8-1ubuntu0.4","1.8.8-1ubuntu0.6","1.8.8-1ubuntu0.7","1.8.8-1ubuntu0.8","1.8.8-1ubuntu0.9","1.8.8-1ubuntu0.10","1.8.8-1ubuntu0.11","1.8.8-1ubuntu0.13","1.8.8-1ubuntu0.13+esm2"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"haproxy","binary_version":"1.8.8-1ubuntu0.13+esm3"},{"binary_name":"vim-haproxy","binary_version":"1.8.8-1ubuntu0.13+esm3"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"nghttp2","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/nghttp2@1.30.0-1ubuntu1+esm2?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.30.0-1ubuntu1+esm2"}]}],"versions":["1.25.0-1","1.27.0-1","1.28.0-1","1.29.0-1","1.29.0-1build1","1.30.0-1","1.30.0-1ubuntu1","1.30.0-1ubuntu1+esm1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libnghttp2-14","binary_version":"1.30.0-1ubuntu1+esm2"},{"binary_name":"nghttp2","binary_version":"1.30.0-1ubuntu1+esm2"},{"binary_name":"nghttp2-client","binary_version":"1.30.0-1ubuntu1+esm2"},{"binary_name":"nghttp2-proxy","binary_version":"1.30.0-1ubuntu1+esm2"},{"binary_name":"nghttp2-server","binary_version":"1.30.0-1ubuntu1+esm2"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"h2o","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/h2o@2.2.4+dfsg-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.4+dfsg-1ubuntu0.1~esm2"}]}],"versions":["2.2.3+dfsg-2","2.2.4+dfsg-1","2.2.4+dfsg-1build1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"h2o","binary_version":"2.2.4+dfsg-1ubuntu0.1~esm2"},{"binary_name":"libh2o-dev-common","binary_version":"2.2.4+dfsg-1ubuntu0.1~esm2"},{"binary_name":"libh2o-evloop0.13","binary_version":"2.2.4+dfsg-1ubuntu0.1~esm2"},{"binary_name":"libh2o0.13","binary_version":"2.2.4+dfsg-1ubuntu0.1~esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"nodejs","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/nodejs@8.10.0~dfsg-2ubuntu0.4+esm6?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.10.0~dfsg-2ubuntu0.4+esm6"}]}],"versions":["6.11.4~dfsg-1ubuntu1","6.11.4~dfsg-1ubuntu2","6.12.0~dfsg-1ubuntu1","6.12.0~dfsg-2ubuntu1","6.12.0~dfsg-2ubuntu2","8.10.0~dfsg-2","8.10.0~dfsg-2ubuntu0.2","8.10.0~dfsg-2ubuntu0.3","8.10.0~dfsg-2ubuntu0.4","8.10.0~dfsg-2ubuntu0.4+esm1","8.10.0~dfsg-2ubuntu0.4+esm2","8.10.0~dfsg-2ubuntu0.4+esm3","8.10.0~dfsg-2ubuntu0.4+esm4","8.10.0~dfsg-2ubuntu0.4+esm5"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"nodejs","binary_version":"8.10.0~dfsg-2ubuntu0.4+esm6"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"tomcat8","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm4?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.5.39-1ubuntu1~18.04.3+esm4"}]}],"versions":["8.5.21-1ubuntu1","8.5.29-1","8.5.30-1","8.5.30-1ubuntu1","8.5.30-1ubuntu1.2","8.5.30-1ubuntu1.3","8.5.30-1ubuntu1.4","8.5.39-1ubuntu1~18.04.1","8.5.39-1ubuntu1~18.04.2","8.5.39-1ubuntu1~18.04.3","8.5.39-1ubuntu1~18.04.3+esm1","8.5.39-1ubuntu1~18.04.3+esm2","8.5.39-1ubuntu1~18.04.3+esm3"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libtomcat8-embed-java","binary_version":"8.5.39-1ubuntu1~18.04.3+esm4"},{"binary_name":"libtomcat8-java","binary_version":"8.5.39-1ubuntu1~18.04.3+esm4"},{"binary_name":"tomcat8","binary_version":"8.5.39-1ubuntu1~18.04.3+esm4"},{"binary_name":"tomcat8-admin","binary_version":"8.5.39-1ubuntu1~18.04.3+esm4"},{"binary_name":"tomcat8-common","binary_version":"8.5.39-1ubuntu1~18.04.3+esm4"},{"binary_name":"tomcat8-docs","binary_version":"8.5.39-1ubuntu1~18.04.3+esm4"},{"binary_name":"tomcat8-examples","binary_version":"8.5.39-1ubuntu1~18.04.3+esm4"},{"binary_name":"tomcat8-user","binary_version":"8.5.39-1ubuntu1~18.04.3+esm4"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm5?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.16-3ubuntu0.18.04.2+esm5"}]}],"versions":["9.0.16-3~18.04.1","9.0.16-3ubuntu0.18.04.1","9.0.16-3ubuntu0.18.04.2","9.0.16-3ubuntu0.18.04.2+esm1","9.0.16-3ubuntu0.18.04.2+esm2","9.0.16-3ubuntu0.18.04.2+esm3","9.0.16-3ubuntu0.18.04.2+esm4"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libtomcat9-embed-java","binary_version":"9.0.16-3ubuntu0.18.04.2+esm5"},{"binary_name":"libtomcat9-java","binary_version":"9.0.16-3ubuntu0.18.04.2+esm5"},{"binary_name":"tomcat9","binary_version":"9.0.16-3ubuntu0.18.04.2+esm5"},{"binary_name":"tomcat9-admin","binary_version":"9.0.16-3ubuntu0.18.04.2+esm5"},{"binary_name":"tomcat9-common","binary_version":"9.0.16-3ubuntu0.18.04.2+esm5"},{"binary_name":"tomcat9-docs","binary_version":"9.0.16-3ubuntu0.18.04.2+esm5"},{"binary_name":"tomcat9-examples","binary_version":"9.0.16-3ubuntu0.18.04.2+esm5"},{"binary_name":"tomcat9-user","binary_version":"9.0.16-3ubuntu0.18.04.2+esm5"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"nghttp2","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/nghttp2@1.40.0-1ubuntu0.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.40.0-1ubuntu0.2"}]}],"versions":["1.39.2-1","1.40.0-1","1.40.0-1build1","1.40.0-1ubuntu0.1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libnghttp2-14","binary_version":"1.40.0-1ubuntu0.2"},{"binary_name":"nghttp2","binary_version":"1.40.0-1ubuntu0.2"},{"binary_name":"nghttp2-client","binary_version":"1.40.0-1ubuntu0.2"},{"binary_name":"nghttp2-proxy","binary_version":"1.40.0-1ubuntu0.2"},{"binary_name":"nghttp2-server","binary_version":"1.40.0-1ubuntu0.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.9?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.31-1ubuntu0.9"}]}],"versions":["9.0.24-1","9.0.27-1","9.0.31-1","9.0.31-1ubuntu0.1","9.0.31-1ubuntu0.2","9.0.31-1ubuntu0.3","9.0.31-1ubuntu0.4","9.0.31-1ubuntu0.5","9.0.31-1ubuntu0.6","9.0.31-1ubuntu0.7","9.0.31-1ubuntu0.8"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libtomcat9-embed-java","binary_version":"9.0.31-1ubuntu0.9"},{"binary_name":"libtomcat9-java","binary_version":"9.0.31-1ubuntu0.9"},{"binary_name":"tomcat9","binary_version":"9.0.31-1ubuntu0.9"},{"binary_name":"tomcat9-admin","binary_version":"9.0.31-1ubuntu0.9"},{"binary_name":"tomcat9-common","binary_version":"9.0.31-1ubuntu0.9"},{"binary_name":"tomcat9-docs","binary_version":"9.0.31-1ubuntu0.9"},{"binary_name":"tomcat9-examples","binary_version":"9.0.31-1ubuntu0.9"},{"binary_name":"tomcat9-user","binary_version":"9.0.31-1ubuntu0.9"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"h2o","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/h2o@2.2.5+dfsg2-3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5+dfsg2-3ubuntu0.1~esm1"}]}],"versions":["2.2.5+dfsg2-3","2.2.5+dfsg2-3build1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"h2o","binary_version":"2.2.5+dfsg2-3ubuntu0.1~esm1"},{"binary_name":"libh2o-dev-common","binary_version":"2.2.5+dfsg2-3ubuntu0.1~esm1"},{"binary_name":"libh2o-evloop0.13","binary_version":"2.2.5+dfsg2-3ubuntu0.1~esm1"},{"binary_name":"libh2o0.13","binary_version":"2.2.5+dfsg2-3ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"nodejs","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/nodejs@10.19.0~dfsg-3ubuntu1.6+esm2?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.19.0~dfsg-3ubuntu1.6+esm2"}]}],"versions":["10.15.2~dfsg-2ubuntu1","10.17.0~dfsg-2ubuntu4","10.17.0~dfsg-2ubuntu6","10.19.0~dfsg-3ubuntu1","10.19.0~dfsg-3ubuntu1.1","10.19.0~dfsg-3ubuntu1.2","10.19.0~dfsg-3ubuntu1.3","10.19.0~dfsg-3ubuntu1.5","10.19.0~dfsg-3ubuntu1.6"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libnode64","binary_version":"10.19.0~dfsg-3ubuntu1.6+esm2"},{"binary_name":"nodejs","binary_version":"10.19.0~dfsg-3ubuntu1.6+esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"trafficserver","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/trafficserver@8.0.5+ds-3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.5+ds-3ubuntu0.1~esm1"}]}],"versions":["8.0.5+ds-1","8.0.5+ds-2","8.0.5+ds-2build1","8.0.5+ds-2ubuntu1","8.0.5+ds-3"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"trafficserver","binary_version":"8.0.5+ds-3ubuntu0.1~esm1"},{"binary_name":"trafficserver-experimental-plugins","binary_version":"8.0.5+ds-3ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"dotnet6","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/dotnet6@6.0.123-0ubuntu1~22.04.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.123-0ubuntu1~22.04.1"}]}],"versions":["6.0.108-0ubuntu1~22.04.1","6.0.109-0ubuntu1~22.04.1","6.0.110-0ubuntu1~22.04.1","6.0.111-0ubuntu1~22.04.1","6.0.113-0ubuntu1~22.04.1","6.0.116-0ubuntu1~22.04.1","6.0.118-0ubuntu1~22.04.1","6.0.119-0ubuntu1~22.04.1","6.0.120-0ubuntu1~22.04.1","6.0.121-0ubuntu1~22.04.1","6.0.122-0ubuntu1~22.04.1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"aspnetcore-runtime-6.0","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"aspnetcore-targeting-pack-6.0","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"dotnet-apphost-pack-6.0","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"dotnet-host","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"dotnet-hostfxr-6.0","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"dotnet-runtime-6.0","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"dotnet-sdk-6.0","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"dotnet-sdk-6.0-source-built-artifacts","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"dotnet-targeting-pack-6.0","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"dotnet-templates-6.0","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"dotnet6","binary_version":"6.0.123-0ubuntu1~22.04.1"},{"binary_name":"netstandard-targeting-pack-2.1","binary_version":"6.0.123-0ubuntu1~22.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"dotnet7","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/dotnet7@7.0.112-0ubuntu1~22.04.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.112-0ubuntu1~22.04.1"}]}],"versions":["7.0.105-0ubuntu1~22.04.1","7.0.107-0ubuntu1~22.04.1","7.0.108-0ubuntu1~22.04.1","7.0.109-0ubuntu1~22.04.1","7.0.110-0ubuntu1~22.04.1","7.0.111-0ubuntu1~22.04.1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"aspnetcore-runtime-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"aspnetcore-targeting-pack-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"dotnet-apphost-pack-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"dotnet-host-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"dotnet-hostfxr-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"dotnet-runtime-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"dotnet-sdk-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"dotnet-sdk-7.0-source-built-artifacts","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"dotnet-targeting-pack-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"dotnet-templates-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"dotnet7","binary_version":"7.0.112-0ubuntu1~22.04.1"},{"binary_name":"netstandard-targeting-pack-2.1-7.0","binary_version":"7.0.112-0ubuntu1~22.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"netty","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/netty@1:4.1.48-4+deb11u2build0.22.04.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.1.48-4+deb11u2build0.22.04.1"}]}],"versions":["1:4.1.48-4","1:4.1.48-4+deb11u1build0.22.04.1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libnetty-java","binary_version":"1:4.1.48-4+deb11u2build0.22.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"nghttp2","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/nghttp2@1.43.0-1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.43.0-1ubuntu0.1"}]}],"versions":["1.43.0-1","1.43.0-1build1","1.43.0-1build2","1.43.0-1build3"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libnghttp2-14","binary_version":"1.43.0-1ubuntu0.1"},{"binary_name":"nghttp2","binary_version":"1.43.0-1ubuntu0.1"},{"binary_name":"nghttp2-client","binary_version":"1.43.0-1ubuntu0.1"},{"binary_name":"nghttp2-proxy","binary_version":"1.43.0-1ubuntu0.1"},{"binary_name":"nghttp2-server","binary_version":"1.43.0-1ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.58-1ubuntu0.2"}]}],"versions":["9.0.43-3","9.0.54-1","9.0.55-1","9.0.58-1","9.0.58-1ubuntu0.1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libtomcat9-embed-java","binary_version":"9.0.58-1ubuntu0.2"},{"binary_name":"libtomcat9-java","binary_version":"9.0.58-1ubuntu0.2"},{"binary_name":"tomcat9","binary_version":"9.0.58-1ubuntu0.2"},{"binary_name":"tomcat9-admin","binary_version":"9.0.58-1ubuntu0.2"},{"binary_name":"tomcat9-common","binary_version":"9.0.58-1ubuntu0.2"},{"binary_name":"tomcat9-docs","binary_version":"9.0.58-1ubuntu0.2"},{"binary_name":"tomcat9-examples","binary_version":"9.0.58-1ubuntu0.2"},{"binary_name":"tomcat9-user","binary_version":"9.0.58-1ubuntu0.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"dnsdist","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/dnsdist@1.6.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.1-1ubuntu0.1~esm1"}]}],"versions":["1.5.1-3build2","1.6.1-1build1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"dnsdist","binary_version":"1.6.1-1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"h2o","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/h2o@2.2.5+dfsg2-6.1ubuntu2+esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5+dfsg2-6.1ubuntu2+esm1"}]}],"versions":["2.2.5+dfsg2-6","2.2.5+dfsg2-6.1","2.2.5+dfsg2-6.1ubuntu1","2.2.5+dfsg2-6.1ubuntu2"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"h2o","binary_version":"2.2.5+dfsg2-6.1ubuntu2+esm1"},{"binary_name":"libh2o-dev-common","binary_version":"2.2.5+dfsg2-6.1ubuntu2+esm1"},{"binary_name":"libh2o-evloop0.13","binary_version":"2.2.5+dfsg2-6.1ubuntu2+esm1"},{"binary_name":"libh2o0.13","binary_version":"2.2.5+dfsg2-6.1ubuntu2+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"nodejs","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.6+esm2?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.22.9~dfsg-1ubuntu3.6+esm2"}]}],"versions":["12.22.5~dfsg-5ubuntu1","12.22.7~dfsg-2ubuntu1","12.22.7~dfsg-2ubuntu3","12.22.9~dfsg-1ubuntu2","12.22.9~dfsg-1ubuntu3","12.22.9~dfsg-1ubuntu3.1","12.22.9~dfsg-1ubuntu3.2","12.22.9~dfsg-1ubuntu3.3","12.22.9~dfsg-1ubuntu3.4","12.22.9~dfsg-1ubuntu3.5","12.22.9~dfsg-1ubuntu3.6"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"libnode72","binary_version":"12.22.9~dfsg-1ubuntu3.6+esm2"},{"binary_name":"nodejs","binary_version":"12.22.9~dfsg-1ubuntu3.6+esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"trafficserver","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/trafficserver@9.1.1+ds-2ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.1.1+ds-2ubuntu0.1~esm1"}]}],"versions":["8.1.1+ds-1.1","9.1.1+ds-2build1"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"trafficserver","binary_version":"9.1.1+ds-2ubuntu0.1~esm1"},{"binary_name":"trafficserver-experimental-plugins","binary_version":"9.1.1+ds-2ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}},{"package":{"name":"dotnet8","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/dotnet8@8.0.100-8.0.0-0ubuntu1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.100-8.0.0-0ubuntu1"}]}],"versions":["8.0.100-8.0.0~rc1-0ubuntu1","8.0.100-8.0.0~rc2-0ubuntu1","8.0.100-8.0.0~rc2-0ubuntu2"],"ecosystem_specific":{"priority_reason":"Listed in CISA Known Exploited Vulnerabilities Catalog","binaries":[{"binary_name":"aspnetcore-runtime-8.0","binary_version":"8.0.0-0ubuntu1"},{"binary_name":"aspnetcore-targeting-pack-8.0","binary_version":"8.0.0-0ubuntu1"},{"binary_name":"dotnet-apphost-pack-8.0","binary_version":"8.0.0-0ubuntu1"},{"binary_name":"dotnet-host-8.0","binary_version":"8.0.0-0ubuntu1"},{"binary_name":"dotnet-hostfxr-8.0","binary_version":"8.0.0-0ubuntu1"},{"binary_name":"dotnet-runtime-8.0","binary_version":"8.0.0-0ubuntu1"},{"binary_name":"dotnet-sdk-8.0","binary_version":"8.0.100-0ubuntu1"},{"binary_name":"dotnet-sdk-8.0-source-built-artifacts","binary_version":"8.0.100-0ubuntu1"},{"binary_name":"dotnet-targeting-pack-8.0","binary_version":"8.0.0-0ubuntu1"},{"binary_name":"dotnet-templates-8.0","binary_version":"8.0.100-0ubuntu1"},{"binary_name":"dotnet8","binary_version":"8.0.100-8.0.0-0ubuntu1"},{"binary_name":"netstandard-targeting-pack-2.1-8.0","binary_version":"8.0.100-0ubuntu1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-44487.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"high"}]}