CVE-2017-2428

EUVD-2017-11611
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
appleiphone_os
𝑥
≤ 10.2.1
applemac_os_x
𝑥
≤ 10.12.3
appletvos
𝑥
≤ 10.1.1
applewatchos
𝑥
≤ 3.1.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nghttp2
artful
not-affected
precise
dne
trusty
dne
xenial
not-affected
yakkety
ignored
zesty
not-affected
References
http://www.securityfocus.com/bid/97146
http://www.securitytracker.com/id/1038138
https://github.com/nghttp2/nghttp2/releases/tag/v1.17.0
https://support.apple.com/HT207601
https://support.apple.com/HT207602
https://support.apple.com/HT207615
https://support.apple.com/HT207617
http://www.securityfocus.com/bid/97146
http://www.securitytracker.com/id/1038138
https://github.com/nghttp2/nghttp2/releases/tag/v1.17.0
https://support.apple.com/HT207601
https://support.apple.com/HT207602
https://support.apple.com/HT207615
https://support.apple.com/HT207617