RHEL 7 : OpenShift Container Platform 3.9 (RHSA-2019:2769)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2769 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

ALPINE-CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

PT-2019-2979 · Alt Linux +7 · Alt Linux +7

Name of the Vulnerable Software and Affected Versions: HTTP/2 implementations affected versions not specified Description: The issue is related to a flood of empty frames in HTTP/2 implementations, which can lead to a denial of service. An attacker sends a stream of frames with an empty payload a...

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...