5 matches found
curl: HTTP/2 PUSH_PROMISE DoS
Vulnerability description not provided...
Denial Of Service (DoS)
libnghttp2.so is vulnerable to a memory leak. The vulnerability exists when the PUSH_PROMISE or a HEADERS frame cannot be successfully sent, which can result in nghttp2_on_stream_close_callback failing with a fatal error. If the server is under intensive memory operation an attacker could potentially...
curl: Heap overflow via HTTP/2 PUSH_PROMISE
Summary: libcurl HTTP/2 support processes incoming PUSH_PROMISE headers by storing them in an array. The code initially allocates storage for 10 headers and then keeps doubling the array size as needed: stream->push_headers_alloc *= 2; headp = Curl_saferealloc(stream->push_headers, stream->push_headers_alloc...
CVE-2019-9518
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends ti...
CVE-2019-9518 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends ti...