Key Vulnerability Information

CVE ID: CVE-2018-16844
Bugzilla ID: 1644510
Summary: Nginx: Excessive CPU usage via flaw in HTTP/2 implementation
Reported: 2018-10-31 04:07 UTC
Modified: 2021-02-16 22:50 UTC
Status: CLOSED ERRATA
Fixed In Version: nginx 1.15.6, nginx 1.14.1
Priority: medium
Severity: medium
Component: vulnerability

Comment Summary

Comment 1: Names the Nginx project in the acknowledgments.
Comment 2: Ansible Tower is not affected as it does not enable HTTP/2.
Comment 3: CloudForms is not affected due to no change or alteration in the Nginx configuration.
Comment 4: Provided external reference to the Nginx announce list.
Comment 8: Upstream patch provided.
Comment 9: Statement that rh-nginx18-nginx is not affected.
Comment 11: Issue addressed in RHSA-2018:3680.
Comment 12: Issue addressed in RHSA-2018:3681.

Conclusion

This vulnerability affects Nginx's HTTP/2 implementation and causes excessive CPU usage. Patches have been released in multiple Nginx versions, and the issue has been addressed through Red Hat Security Advisories. Certain specific configurations or products are not affected by this vulnerability.