Lucene search

Veracode Vulnerability DatabaseVERACODE:21424

HistorySep 04, 2019 - 8:20 a.m.

Denial Of Service (DoS) Via Ping Floods

2019-09-0408:20:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

github.com/grpc/grpc-go is vulnerable to denial of service (DoS) attacks. The attack can be triggered by sending a flood of pings by a HTTP/2 peer, leading to an excessive data queue and causing high CPU and resource consumption.

CPENameOperatorVersion
github.com/grpc/grpc-goeqHEAD
github.com/grpc/grpc-gole1.22.2
go-toolset-1.11eq1.11.5__2.el7
go-toolset-1.11eq1.11.6__1.el7
go-toolset-1.11eq1.11.6__3.el7
go-toolset-1.11eq1.11.5__1.el7
go-toolset-1.11-golangeq1.11.6__3.el7
go-toolset-1.11-golangeq1.11.5__3.el7
go-toolset-1.11-golangeq1.11.5__1.el7
go-toolset-1.11-golangeq1.11.6__5.el7

Name	Operator	Version
github.com/grpc/grpc-go	eq	HEAD
github.com/grpc/grpc-go	le	1.22.2
go-toolset-1.11	eq	1.11.5__2.el7
go-toolset-1.11	eq	1.11.6__1.el7
go-toolset-1.11	eq	1.11.6__3.el7
go-toolset-1.11	eq	1.11.5__1.el7
go-toolset-1.11-golang	eq	1.11.6__3.el7
go-toolset-1.11-golang	eq	1.11.5__3.el7
go-toolset-1.11-golang	eq	1.11.5__1.el7
go-toolset-1.11-golang	eq	1.11.6__5.el7

Rows per page:

1-10 of 34161

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

seclists.org/fulldisclosure/2019/Aug/16

www.openwall.com/lists/oss-security/2019/08/20/1

access.redhat.com/errata/RHSA-2019:2594

access.redhat.com/errata/RHSA-2019:2661

access.redhat.com/errata/RHSA-2019:2682

access.redhat.com/errata/RHSA-2019:2690

access.redhat.com/errata/RHSA-2019:2726

access.redhat.com/errata/RHSA-2019:2766

access.redhat.com/errata/RHSA-2019:2769

access.redhat.com/errata/RHSA-2019:2796

access.redhat.com/errata/RHSA-2019:2861

access.redhat.com/errata/RHSA-2019:2925

access.redhat.com/errata/RHSA-2019:2939

access.redhat.com/errata/RHSA-2019:2955

access.redhat.com/errata/RHSA-2019:2966

access.redhat.com/errata/RHSA-2019:3131

access.redhat.com/errata/RHSA-2019:3245

access.redhat.com/errata/RHSA-2019:3265

access.redhat.com/errata/RHSA-2019:3892

access.redhat.com/errata/RHSA-2019:3906

access.redhat.com/errata/RHSA-2019:4018

access.redhat.com/errata/RHSA-2019:4019

access.redhat.com/errata/RHSA-2019:4020

access.redhat.com/errata/RHSA-2019:4021

access.redhat.com/errata/RHSA-2019:4040

access.redhat.com/errata/RHSA-2019:4041

access.redhat.com/errata/RHSA-2019:4042

access.redhat.com/errata/RHSA-2019:4045

access.redhat.com/errata/RHSA-2019:4269

access.redhat.com/errata/RHSA-2019:4273

access.redhat.com/errata/RHSA-2019:4352

access.redhat.com/errata/RHSA-2020:0406

access.redhat.com/errata/RHSA-2020:0727

github.com/grpc/grpc-go/commit/ee21c923a2d1b8c5aa62dea4ce93c2fecac5e687

github.com/grpc/grpc-go/pull/2970

github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

kb.cert.org/vuls/id/605641/

kc.mcafee.com/corporate/index?page=content&id=SB10296

lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E

lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E

lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E

lists.debian.org/debian-lts-announce/2020/12/msg00011.html

lists.fedoraproject.org/archives/list/[email protected]/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/

lists.fedoraproject.org/archives/list/[email protected]/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/

lists.fedoraproject.org/archives/list/[email protected]/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/

lists.fedoraproject.org/archives/list/[email protected]/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/

seclists.org/bugtraq/2019/Aug/24

seclists.org/bugtraq/2019/Aug/31

seclists.org/bugtraq/2019/Aug/43

seclists.org/bugtraq/2019/Sep/18

security.netapp.com/advisory/ntap-20190823-0001/

security.netapp.com/advisory/ntap-20190823-0004/

security.netapp.com/advisory/ntap-20190823-0005/

support.f5.com/csp/article/K98053339

support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS

usn.ubuntu.com/4308-1/

www.debian.org/security/2019/dsa-4503

www.debian.org/security/2019/dsa-4508

www.debian.org/security/2019/dsa-4520

www.linkedin.com/in/jonathan-looney-46b5532

www.synology.com/security/advisory/Synology_SA_19_33

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Denial Of Service (DoS) Via Ping Floods

References

Related