Lucene search

[email protected]CVE-2019-9512

HistoryAug 13, 2019 - 9:15 p.m.

CVE-2019-9512

2019-08-1321:15:00

CWE-400

[email protected]

web.nvd.nist.gov

437

cve-2019-9512

http/2

ping flood

denial of service

vulnerability

nvd

security

cpu

memory

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.154 Low

EPSS

Percentile

95.8%

JSON

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CPENameOperatorVersion
apple:swiftnioapple swiftniole1.4.0
apache:traffic_serverapache traffic serverle8.0.3
apache:traffic_serverapache traffic serverle7.1.6
apache:traffic_serverapache traffic serverle6.2.3
debian:debian_linuxdebian debian linuxeq10.0
nodejs:node.jsnodejs node.jsle8.8.1
nodejs:node.jsnodejs node.jsle10.12.0
nodejs:node.jsnodejs node.jslt12.8.1
nodejs:node.jsnodejs node.jslt10.16.3
nodejs:node.jsnodejs node.jslt8.16.1

CPE	Name	Operator	Version
apple:swiftnio	apple swiftnio	le	1.4.0
apache:traffic_server	apache traffic server	le	8.0.3
apache:traffic_server	apache traffic server	le	7.1.6
apache:traffic_server	apache traffic server	le	6.2.3
debian:debian_linux	debian debian linux	eq	10.0
nodejs:node.js	nodejs node.js	le	8.8.1
nodejs:node.js	nodejs node.js	le	10.12.0
nodejs:node.js	nodejs node.js	lt	12.8.1
nodejs:node.js	nodejs node.js	lt	10.16.3
nodejs:node.js	nodejs node.js	lt	8.16.1

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

seclists.org/fulldisclosure/2019/Aug/16

www.openwall.com/lists/oss-security/2019/08/20/1

access.redhat.com/errata/RHSA-2019:2594

access.redhat.com/errata/RHSA-2019:2661

access.redhat.com/errata/RHSA-2019:2682

access.redhat.com/errata/RHSA-2019:2690

access.redhat.com/errata/RHSA-2019:2726

access.redhat.com/errata/RHSA-2019:2766

access.redhat.com/errata/RHSA-2019:2769

access.redhat.com/errata/RHSA-2019:2796

access.redhat.com/errata/RHSA-2019:2861

access.redhat.com/errata/RHSA-2019:2925

access.redhat.com/errata/RHSA-2019:2939

access.redhat.com/errata/RHSA-2019:2955

access.redhat.com/errata/RHSA-2019:2966

access.redhat.com/errata/RHSA-2019:3131

access.redhat.com/errata/RHSA-2019:3245

access.redhat.com/errata/RHSA-2019:3265

access.redhat.com/errata/RHSA-2019:3892

access.redhat.com/errata/RHSA-2019:3906

access.redhat.com/errata/RHSA-2019:4018

access.redhat.com/errata/RHSA-2019:4019

access.redhat.com/errata/RHSA-2019:4020

access.redhat.com/errata/RHSA-2019:4021

access.redhat.com/errata/RHSA-2019:4040

access.redhat.com/errata/RHSA-2019:4041

access.redhat.com/errata/RHSA-2019:4042

access.redhat.com/errata/RHSA-2019:4045

access.redhat.com/errata/RHSA-2019:4269

access.redhat.com/errata/RHSA-2019:4273

access.redhat.com/errata/RHSA-2019:4352

access.redhat.com/errata/RHSA-2020:0406

access.redhat.com/errata/RHSA-2020:0727

github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

kb.cert.org/vuls/id/605641/

kc.mcafee.com/corporate/index?page=content&id=SB10296

lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E

lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E

lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E

lists.debian.org/debian-lts-announce/2020/12/msg00011.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/

seclists.org/bugtraq/2019/Aug/24

seclists.org/bugtraq/2019/Aug/31

seclists.org/bugtraq/2019/Aug/43

seclists.org/bugtraq/2019/Sep/18

security.netapp.com/advisory/ntap-20190823-0001/

security.netapp.com/advisory/ntap-20190823-0004/

security.netapp.com/advisory/ntap-20190823-0005/

support.f5.com/csp/article/K98053339

support.f5.com/csp/article/K98053339?utm_source=f5support&amp%3Butm_medium=RSS

usn.ubuntu.com/4308-1/

www.debian.org/security/2019/dsa-4503

www.debian.org/security/2019/dsa-4508

www.debian.org/security/2019/dsa-4520

www.synology.com/security/advisory/Synology_SA_19_33

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.154 Low

EPSS

Percentile

95.8%

JSON

CVE-2019-9512

References

Social References

Related