Description
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the
implementation of HTTP/2 that can allow for excessive memory consumption
(CVE-2018-16843).
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the
implementation of HTTP/2 that can allow for excessive CPU usage
(CVE-2018-16844).
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the
ngx_http_mp4_module, which might allow an attacker to cause infinite
loop in a worker process, cause a worker process crash, or might result
in worker process memory disclosure by using a specially crafted mp4
file (CVE-2018-16845).