CVE - CVE-2019-9516

CVE-ID
CVE-2019-9516	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 URL:https://seclists.org/bugtraq/2019/Aug/24 BUGTRAQ:20190822 [SECURITY] [DSA 4505-1] nginx security update URL:https://seclists.org/bugtraq/2019/Aug/40 CERT-VN:VU#605641 URL:https://kb.cert.org/vuls/id/605641/ CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10296 CONFIRM:https://security.netapp.com/advisory/ntap-20190823-0002/ CONFIRM:https://security.netapp.com/advisory/ntap-20190823-0005/ CONFIRM:https://support.f5.com/csp/article/K02591030 CONFIRM:https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS CONFIRM:https://www.synology.com/security/advisory/Synology_SA_19_33 DEBIAN:DSA-4505 URL:https://www.debian.org/security/2019/dsa-4505 FEDORA:FEDORA-2019-4427fd65be URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/ FEDORA:FEDORA-2019-5a6a7bc12c URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/ FEDORA:FEDORA-2019-63ba15cc83 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/ FEDORA:FEDORA-2019-6a2980de56 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/ FEDORA:FEDORA-2019-7a0b45fdc4 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/ FEDORA:FEDORA-2019-befd924cfe URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/ FEDORA:FEDORA-2021-d5b2c18fe6 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/ FULLDISC:20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 URL:http://seclists.org/fulldisclosure/2019/Aug/16 MISC:https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md REDHAT:RHSA-2019:2745 URL:https://access.redhat.com/errata/RHSA-2019:2745 REDHAT:RHSA-2019:2746 URL:https://access.redhat.com/errata/RHSA-2019:2746 REDHAT:RHSA-2019:2775 URL:https://access.redhat.com/errata/RHSA-2019:2775 REDHAT:RHSA-2019:2799 URL:https://access.redhat.com/errata/RHSA-2019:2799 REDHAT:RHSA-2019:2925 URL:https://access.redhat.com/errata/RHSA-2019:2925 REDHAT:RHSA-2019:2939 URL:https://access.redhat.com/errata/RHSA-2019:2939 REDHAT:RHSA-2019:2946 URL:https://access.redhat.com/errata/RHSA-2019:2946 REDHAT:RHSA-2019:2950 URL:https://access.redhat.com/errata/RHSA-2019:2950 REDHAT:RHSA-2019:2955 URL:https://access.redhat.com/errata/RHSA-2019:2955 REDHAT:RHSA-2019:2966 URL:https://access.redhat.com/errata/RHSA-2019:2966 REDHAT:RHSA-2019:3932 URL:https://access.redhat.com/errata/RHSA-2019:3932 REDHAT:RHSA-2019:3933 URL:https://access.redhat.com/errata/RHSA-2019:3933 REDHAT:RHSA-2019:3935 URL:https://access.redhat.com/errata/RHSA-2019:3935 SUSE:openSUSE-SU-2019:2114 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html SUSE:openSUSE-SU-2019:2115 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html SUSE:openSUSE-SU-2019:2120 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html SUSE:openSUSE-SU-2019:2264 URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html UBUNTU:USN-4099-1 URL:https://usn.ubuntu.com/4099-1/
Assigning CNA
CERT/CC
Date Record Created
20190301	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190301)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)