Bug 2485395 - CVE-2026-49975 nginx: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack [fedora-all]
Summary: CVE-2026-49975 nginx: HTTP/2: Remote Denial of Service via compression bomb a...
Keywords:
Status: CLOSED DUPLICATE of bug 2485558
Alias: None
Product: Fedora
Classification: Fedora
Component: nginx
Version: rawhide
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Felix Kaechele
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: {"flaws": ["a3e68c4f-26c2-49d5-b8c4-1...
Depends On:
Blocks: CVE-2026-49975
TreeView+ depends on / blocked
 
Reported: 2026-06-05 09:01 UTC by Dhananjay Arunesh
Modified: 2026-06-05 20:28 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2026-06-05 20:28:00 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Dhananjay Arunesh 2026-06-05 09:01:23 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Marco Benatto 2026-06-05 20:28:00 UTC
Closing this tracker as the CVE ID associated to it should be used only by mod_http2 from the httpd server.
A new tracker was raised to track the NGINX instead.

*** This bug has been marked as a duplicate of bug 2485558 ***


Note You need to log in before you can comment on or make changes to this bug.