{ "modified": "2025-08-09T19:01:28Z", "published": "2016-01-12T19:59:13Z", "id": "CVE-2015-8659", "details": "The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "references": [ { "type": "ADVISORY", "url": "https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/" }, { "type": "ADVISORY", "url": "https://security.gentoo.org/glsa/201612-06" }, { "type": "ADVISORY", "url": "https://support.apple.com/HT206166" }, { "type": "ADVISORY", "url": "https://support.apple.com/HT206167" }, { "type": "ADVISORY", "url": "https://support.apple.com/HT206168" }, { "type": "ADVISORY", "url": "https://support.apple.com/HT206169" }, { "type": "FIX", "url": "https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2015/12/23/10" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2015/12/23/6" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1035353" } ] }