Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-D8C136BE1DF27278BE1920A69C9A6667HistoryMay 24, 2022 - 12:00 a.m.
Uncontrolled Resource Consumption
2022-05-2400:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
10
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Some HTTP/2 implementations is vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/golang.org/x/net | lt | 0.0.0-20190813141303-74dc4d7220e7 |
Related
f5
f5
K98053339 : HTTP/2 Ping Flood vulnerability CVE-2019-9512
2019-08-20 00:00:00
debiancve
debiancve
CVE-2019-9512
2019-08-13 21:15:00
github
github
golang.org/x/net/http vulnerable to ping floods
2022-05-24 16:53:17
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
2022-03-14 22:45:11
wolfi
wolfi
CVE-2019-9512 vulnerabilities
2024-04-28 09:06:10
veracode
veracode
Denial Of Service (DoS) Via Ping Floods
2019-09-04 08:20:27
symantec
symantec
Microsoft Windows 'HTTP.sys' CVE-2019-9512 Denial of Service Vulnerability
2019-08-13 00:00:00
mscve
mscve
HTTP/2 Server Denial of Service Vulnerability
2019-08-13 07:00:00
cgr
cgr
CVE-2019-9512 vulnerabilities
2024-04-28 09:06:10
gitlab
gitlab
Uncontrolled Resource Consumption
2022-05-24 00:00:00
cve
cve
CVE-2019-9512
2019-08-13 21:15:00
CVE-2019-14988
2019-08-13 18:15:00
alpinelinux
alpinelinux
CVE-2019-9512
2019-08-13 21:15:00
redhatcve
redhatcve
CVE-2019-9512
2022-05-14 11:32:54
prion
prion
Design/Logic Flaw
2019-08-13 21:15:00
nessus
nessus
F5 Networks BIG-IP : HTTP/2 Ping Flood vulnerability (K98053339)
2019-09-25 00:00:00
Kubernetes 1.13.x < 1.13.10 / 1.14.x < 1.14.6 / 1.15.x < 1.15.3 DoS
2020-03-31 00:00:00
Rocky Linux 8 : container-tools:1.0 (RLSA-2019:4273)
2023-11-07 00:00:00
osv
osv
Important: container-tools:1.0 security update
2019-12-17 09:20:02
CVE-2019-9514
2019-08-13 21:15:12
golang.org/x/net/http vulnerable to ping floods
2022-05-24 16:53:17
redhat
redhat
(RHSA-2020:0406) Important: containernetworking-plugins security update
2020-02-04 18:54:49
(RHSA-2019:3245) Important: OpenShift Container Platform 4.2 security update
2019-10-29 17:28:20
(RHSA-2019:2726) Important: go-toolset:rhel8 security and bug fix update
2019-09-10 10:40:48
rocky
rocky
container-tools:1.0 security update
2019-12-17 09:20:02
container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
openvas
openvas
Debian: Security Advisory (DLA-2485-1)
2020-12-09 00:00:00
Mageia: Security Advisory (MGASA-2020-0468)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2019-1967)
2020-01-23 00:00:00
ibm
ibm
altlinux
altlinux
Security fix for the ALT Linux 10 package kubernetes version 1.15.3-alt1
2019-09-26 00:00:00
Security fix for the ALT Linux 10 package traefik version 1.7.14-alt1
2019-08-23 00:00:00
Security fix for the ALT Linux 10 package golang version 1.12.9-alt1
2019-08-19 00:00:00
mageia
mageia
Updated golang-googlecode-net package fixes security vulnerabilities
2020-12-22 00:47:06
Updated golang packages fix security vulnerabilities
2019-09-07 00:09:08
amazon
amazon
Important: golang
2019-08-23 03:20:00
Important: golang
2019-08-23 16:58:00
almalinux
almalinux
Important: container-tools:1.0 security update
2019-12-17 09:20:02
Important: container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
freebsd
freebsd
traefik -- Denial of service in HTTP/2
2019-08-13 00:00:00
h2o -- multiple HTTP/2 vulnerabilities
2019-08-13 00:00:00
h2o -- multiple HTTP/2 vulnerabilities
2019-08-13 00:00:00
oraclelinux
oraclelinux
go-toolset:rhel8 security and bug fix update
2019-09-17 00:00:00
container-tools:1.0 security update
2020-01-03 00:00:00
container-tools:ol8 security and bug fix update
2020-04-15 00:00:00
ubuntucve
ubuntucve
CVE-2019-9512
2019-08-13 00:00:00
debian
debian
[SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update
2020-12-08 22:15:45
[SECURITY] [DSA 4508-1] h2o security update
2019-08-24 14:44:01
[SECURITY] [DSA 4503-1] golang-1.11 security update
2019-08-18 18:25:11
arista
arista
Security Advisory 0043
2019-11-06 00:00:00
archlinux
archlinux
[ASA-201908-15] go: multiple issues
2019-08-24 00:00:00
[ASA-201908-16] go-pie: multiple issues
2019-08-24 00:00:00
suse
suse
Security update for go1.12 (moderate)
2019-09-02 00:00:00
Security update for go1.12 (moderate)
2019-09-14 00:00:00
Security update for go1.12 (moderate)
2019-09-07 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: golang-1.12.9-1.fc30
2019-09-06 12:35:05
[SECURITY] Fedora 30 Update: golang-1.12.10-1.fc30
2019-10-09 16:54:30
[SECURITY] Fedora 30 Update: golang-1.12.13-1.fc30
2019-11-12 02:09:13
ubuntu
ubuntu
Netty vulnerabilities
2021-06-29 00:00:00
Twisted vulnerabilities
2020-03-19 00:00:00
apple
apple
About the security content of SwiftNIO HTTP/2 1.5.0 - Apple Support
2019-08-13 06:09:21
About the security content of SwiftNIO HTTP/2 1.5.0
2019-08-13 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0298
2022-12-14 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related for GITLAB-D8C136BE1DF27278BE1920A69C9A6667