CVE-2019-9514
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.821 High
EPSS
Percentile
98.3%
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
References
lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
seclists.org/fulldisclosure/2019/Aug/16
www.openwall.com/lists/oss-security/2019/08/20/1
www.openwall.com/lists/oss-security/2023/10/18/8
access.redhat.com/errata/RHSA-2019:2594
access.redhat.com/errata/RHSA-2019:2661
access.redhat.com/errata/RHSA-2019:2682
access.redhat.com/errata/RHSA-2019:2690
access.redhat.com/errata/RHSA-2019:2726
access.redhat.com/errata/RHSA-2019:2766
access.redhat.com/errata/RHSA-2019:2769
access.redhat.com/errata/RHSA-2019:2796
access.redhat.com/errata/RHSA-2019:2861
access.redhat.com/errata/RHSA-2019:2925
access.redhat.com/errata/RHSA-2019:2939
access.redhat.com/errata/RHSA-2019:2955
access.redhat.com/errata/RHSA-2019:2966
access.redhat.com/errata/RHSA-2019:3131
access.redhat.com/errata/RHSA-2019:3245
access.redhat.com/errata/RHSA-2019:3265
access.redhat.com/errata/RHSA-2019:3892
access.redhat.com/errata/RHSA-2019:3906
access.redhat.com/errata/RHSA-2019:4018
access.redhat.com/errata/RHSA-2019:4019
access.redhat.com/errata/RHSA-2019:4020
access.redhat.com/errata/RHSA-2019:4021
access.redhat.com/errata/RHSA-2019:4040
access.redhat.com/errata/RHSA-2019:4041
access.redhat.com/errata/RHSA-2019:4042
access.redhat.com/errata/RHSA-2019:4045
access.redhat.com/errata/RHSA-2019:4269
access.redhat.com/errata/RHSA-2019:4273
access.redhat.com/errata/RHSA-2019:4352
access.redhat.com/errata/RHSA-2020:0406
access.redhat.com/errata/RHSA-2020:0727
github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
kb.cert.org/vuls/id/605641/
kc.mcafee.com/corporate/index?page=content&id=SB10296
lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
lists.debian.org/debian-lts-announce/2020/12/msg00011.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
seclists.org/bugtraq/2019/Aug/24
seclists.org/bugtraq/2019/Aug/31
seclists.org/bugtraq/2019/Aug/43
seclists.org/bugtraq/2019/Sep/18
security.netapp.com/advisory/ntap-20190823-0001/
security.netapp.com/advisory/ntap-20190823-0004/
security.netapp.com/advisory/ntap-20190823-0005/
support.f5.com/csp/article/K01988340
support.f5.com/csp/article/K01988340?utm_source=f5support&%3Butm_medium=RSS
usn.ubuntu.com/4308-1/
www.debian.org/security/2019/dsa-4503
www.debian.org/security/2019/dsa-4508
www.debian.org/security/2019/dsa-4520
www.debian.org/security/2020/dsa-4669
www.synology.com/security/advisory/Synology_SA_19_33
Social References
More
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.821 High
EPSS
Percentile
98.3%