Lucene search

[email protected]NVD:CVE-2019-9512

HistoryAug 13, 2019 - 9:15 p.m.

CVE-2019-9512

2019-08-1321:15:12

CWE-400

[email protected]

web.nvd.nist.gov

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.154 Low

EPSS

Percentile

95.9%

JSON

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Affected configurations

NVD

Node

appleswiftnioRange1.0.0–1.4.0

AND

applemac_os_xRange10.12≥

canonicalubuntu_linuxRange14.04≥

Node

apachetraffic_serverRange6.0.0–6.2.3

apachetraffic_serverRange7.0.0–7.1.6

apachetraffic_serverRange8.0.0–8.0.3

Node

debiandebian_linuxMatch10.0

Node

nodejsnode.jsRange8.0.0–8.8.1-

nodejsnode.jsRange8.9.0–8.16.1lts

nodejsnode.jsRange10.0.0–10.12.0-

nodejsnode.jsRange10.13.0–10.16.3lts

nodejsnode.jsRange12.0.0–12.8.1-

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

seclists.org/fulldisclosure/2019/Aug/16

www.openwall.com/lists/oss-security/2019/08/20/1

access.redhat.com/errata/RHSA-2019:2594

access.redhat.com/errata/RHSA-2019:2661

access.redhat.com/errata/RHSA-2019:2682

access.redhat.com/errata/RHSA-2019:2690

access.redhat.com/errata/RHSA-2019:2726

access.redhat.com/errata/RHSA-2019:2766

access.redhat.com/errata/RHSA-2019:2769

access.redhat.com/errata/RHSA-2019:2796

access.redhat.com/errata/RHSA-2019:2861

access.redhat.com/errata/RHSA-2019:2925

access.redhat.com/errata/RHSA-2019:2939

access.redhat.com/errata/RHSA-2019:2955

access.redhat.com/errata/RHSA-2019:2966

access.redhat.com/errata/RHSA-2019:3131

access.redhat.com/errata/RHSA-2019:3245

access.redhat.com/errata/RHSA-2019:3265

access.redhat.com/errata/RHSA-2019:3892

access.redhat.com/errata/RHSA-2019:3906

access.redhat.com/errata/RHSA-2019:4018

access.redhat.com/errata/RHSA-2019:4019

access.redhat.com/errata/RHSA-2019:4020

access.redhat.com/errata/RHSA-2019:4021

access.redhat.com/errata/RHSA-2019:4040

access.redhat.com/errata/RHSA-2019:4041

access.redhat.com/errata/RHSA-2019:4042

access.redhat.com/errata/RHSA-2019:4045

access.redhat.com/errata/RHSA-2019:4269

access.redhat.com/errata/RHSA-2019:4273

access.redhat.com/errata/RHSA-2019:4352

access.redhat.com/errata/RHSA-2020:0406

access.redhat.com/errata/RHSA-2020:0727

github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

kb.cert.org/vuls/id/605641/

kc.mcafee.com/corporate/index?page=content&id=SB10296

lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E

lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E

lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E

lists.debian.org/debian-lts-announce/2020/12/msg00011.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/

seclists.org/bugtraq/2019/Aug/24

seclists.org/bugtraq/2019/Aug/31

seclists.org/bugtraq/2019/Aug/43

seclists.org/bugtraq/2019/Sep/18

security.netapp.com/advisory/ntap-20190823-0001/

security.netapp.com/advisory/ntap-20190823-0004/

security.netapp.com/advisory/ntap-20190823-0005/

support.f5.com/csp/article/K98053339

support.f5.com/csp/article/K98053339?utm_source=f5support&amp%3Butm_medium=RSS

usn.ubuntu.com/4308-1/

www.debian.org/security/2019/dsa-4503

www.debian.org/security/2019/dsa-4508

www.debian.org/security/2019/dsa-4520

www.synology.com/security/advisory/Synology_SA_19_33

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.154 Low

EPSS

Percentile

95.9%

JSON

CVE-2019-9512

Affected configurations

References

Related