Lucene search

[email protected]CVE-2019-9512

HistoryAug 13, 2019 - 9:15 p.m.

CVE-2019-9512

2019-08-1321:15:12

CWE-400

[email protected]

web.nvd.nist.gov

477

cve-2019-9512

http/2

ping flood

denial of service

vulnerability

nvd

security

cpu

memory

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.154

Percentile

95.9%

JSON

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Affected configurations

NVD

Node

appleswiftnioRange1.0.0–1.4.0

AND

applemac_os_xRange10.12≥

canonicalubuntu_linuxRange14.04≥

Node

apachetraffic_serverRange6.0.0–6.2.3

apachetraffic_serverRange7.0.0–7.1.6

apachetraffic_serverRange8.0.0–8.0.3

Node

debiandebian_linuxMatch10.0

Node

nodejsnode.jsRange8.0.0–8.8.1-

nodejsnode.jsRange8.9.0–8.16.1lts

nodejsnode.jsRange10.0.0–10.12.0-

nodejsnode.jsRange10.13.0–10.16.3lts

nodejsnode.jsRange12.0.0–12.8.1-

VendorProductVersionCPE
appleswiftniocpe:/a:apple:swiftnio::::

Vendor	Product	Version	CPE
apple	swiftnio		cpe:/a:apple:swiftnio::::

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

seclists.org/fulldisclosure/2019/Aug/16

www.openwall.com/lists/oss-security/2019/08/20/1

access.redhat.com/errata/RHSA-2019:2594

access.redhat.com/errata/RHSA-2019:2661

access.redhat.com/errata/RHSA-2019:2682

access.redhat.com/errata/RHSA-2019:2690

access.redhat.com/errata/RHSA-2019:2726

access.redhat.com/errata/RHSA-2019:2766

access.redhat.com/errata/RHSA-2019:2769

access.redhat.com/errata/RHSA-2019:2796

access.redhat.com/errata/RHSA-2019:2861

access.redhat.com/errata/RHSA-2019:2925

access.redhat.com/errata/RHSA-2019:2939

access.redhat.com/errata/RHSA-2019:2955

access.redhat.com/errata/RHSA-2019:2966

access.redhat.com/errata/RHSA-2019:3131

access.redhat.com/errata/RHSA-2019:3245

access.redhat.com/errata/RHSA-2019:3265

access.redhat.com/errata/RHSA-2019:3892

access.redhat.com/errata/RHSA-2019:3906

access.redhat.com/errata/RHSA-2019:4018

access.redhat.com/errata/RHSA-2019:4019

access.redhat.com/errata/RHSA-2019:4020

access.redhat.com/errata/RHSA-2019:4021

access.redhat.com/errata/RHSA-2019:4040

access.redhat.com/errata/RHSA-2019:4041

access.redhat.com/errata/RHSA-2019:4042

access.redhat.com/errata/RHSA-2019:4045

access.redhat.com/errata/RHSA-2019:4269

access.redhat.com/errata/RHSA-2019:4273

access.redhat.com/errata/RHSA-2019:4352

access.redhat.com/errata/RHSA-2020:0406

access.redhat.com/errata/RHSA-2020:0727

github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

kb.cert.org/vuls/id/605641/

kc.mcafee.com/corporate/index?page=content&id=SB10296

lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E

lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E

lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E

lists.debian.org/debian-lts-announce/2020/12/msg00011.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/

seclists.org/bugtraq/2019/Aug/24

seclists.org/bugtraq/2019/Aug/31

seclists.org/bugtraq/2019/Aug/43

seclists.org/bugtraq/2019/Sep/18

security.netapp.com/advisory/ntap-20190823-0001/

security.netapp.com/advisory/ntap-20190823-0004/

security.netapp.com/advisory/ntap-20190823-0005/

support.f5.com/csp/article/K98053339

support.f5.com/csp/article/K98053339?utm_source=f5support&amp%3Butm_medium=RSS

usn.ubuntu.com/4308-1/

www.debian.org/security/2019/dsa-4503

www.debian.org/security/2019/dsa-4508

www.debian.org/security/2019/dsa-4520

www.synology.com/security/advisory/Synology_SA_19_33

Social References

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.154

Percentile

95.9%

JSON

CVE-2019-9512

Affected configurations

References

Social References

Related