CVE - CVE-2019-9512

CVE-ID
CVE-2019-9512	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 URL:https://seclists.org/bugtraq/2019/Aug/24 BUGTRAQ:20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update URL:https://seclists.org/bugtraq/2019/Aug/31 BUGTRAQ:20190825 [SECURITY] [DSA 4508-1] h2o security update URL:https://seclists.org/bugtraq/2019/Aug/43 BUGTRAQ:20190910 [SECURITY] [DSA 4520-1] trafficserver security update URL:https://seclists.org/bugtraq/2019/Sep/18 CERT-VN:VU#605641 URL:https://kb.cert.org/vuls/id/605641/ CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10296 CONFIRM:https://security.netapp.com/advisory/ntap-20190823-0001/ CONFIRM:https://security.netapp.com/advisory/ntap-20190823-0004/ CONFIRM:https://security.netapp.com/advisory/ntap-20190823-0005/ CONFIRM:https://support.f5.com/csp/article/K98053339 CONFIRM:https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS CONFIRM:https://www.synology.com/security/advisory/Synology_SA_19_33 DEBIAN:DSA-4503 URL:https://www.debian.org/security/2019/dsa-4503 DEBIAN:DSA-4508 URL:https://www.debian.org/security/2019/dsa-4508 DEBIAN:DSA-4520 URL:https://www.debian.org/security/2019/dsa-4520 FEDORA:FEDORA-2019-55d101a740 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/ FEDORA:FEDORA-2019-5a6a7bc12c URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/ FEDORA:FEDORA-2019-65db7ad6c7 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/ FEDORA:FEDORA-2019-6a2980de56 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/ FULLDISC:20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 URL:http://seclists.org/fulldisclosure/2019/Aug/16 MISC:https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md MLIST:[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update URL:https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html MLIST:[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514 URL:http://www.openwall.com/lists/oss-security/2019/08/20/1 MLIST:[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks URL:https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E MLIST:[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks URL:https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E MLIST:[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks URL:https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E REDHAT:RHSA-2019:2594 URL:https://access.redhat.com/errata/RHSA-2019:2594 REDHAT:RHSA-2019:2661 URL:https://access.redhat.com/errata/RHSA-2019:2661 REDHAT:RHSA-2019:2682 URL:https://access.redhat.com/errata/RHSA-2019:2682 REDHAT:RHSA-2019:2690 URL:https://access.redhat.com/errata/RHSA-2019:2690 REDHAT:RHSA-2019:2726 URL:https://access.redhat.com/errata/RHSA-2019:2726 REDHAT:RHSA-2019:2766 URL:https://access.redhat.com/errata/RHSA-2019:2766 REDHAT:RHSA-2019:2769 URL:https://access.redhat.com/errata/RHSA-2019:2769 REDHAT:RHSA-2019:2796 URL:https://access.redhat.com/errata/RHSA-2019:2796 REDHAT:RHSA-2019:2861 URL:https://access.redhat.com/errata/RHSA-2019:2861 REDHAT:RHSA-2019:2925 URL:https://access.redhat.com/errata/RHSA-2019:2925 REDHAT:RHSA-2019:2939 URL:https://access.redhat.com/errata/RHSA-2019:2939 REDHAT:RHSA-2019:2955 URL:https://access.redhat.com/errata/RHSA-2019:2955 REDHAT:RHSA-2019:2966 URL:https://access.redhat.com/errata/RHSA-2019:2966 REDHAT:RHSA-2019:3131 URL:https://access.redhat.com/errata/RHSA-2019:3131 REDHAT:RHSA-2019:3245 URL:https://access.redhat.com/errata/RHSA-2019:3245 REDHAT:RHSA-2019:3265 URL:https://access.redhat.com/errata/RHSA-2019:3265 REDHAT:RHSA-2019:3892 URL:https://access.redhat.com/errata/RHSA-2019:3892 REDHAT:RHSA-2019:3906 URL:https://access.redhat.com/errata/RHSA-2019:3906 REDHAT:RHSA-2019:4018 URL:https://access.redhat.com/errata/RHSA-2019:4018 REDHAT:RHSA-2019:4019 URL:https://access.redhat.com/errata/RHSA-2019:4019 REDHAT:RHSA-2019:4020 URL:https://access.redhat.com/errata/RHSA-2019:4020 REDHAT:RHSA-2019:4021 URL:https://access.redhat.com/errata/RHSA-2019:4021 REDHAT:RHSA-2019:4040 URL:https://access.redhat.com/errata/RHSA-2019:4040 REDHAT:RHSA-2019:4041 URL:https://access.redhat.com/errata/RHSA-2019:4041 REDHAT:RHSA-2019:4042 URL:https://access.redhat.com/errata/RHSA-2019:4042 REDHAT:RHSA-2019:4045 URL:https://access.redhat.com/errata/RHSA-2019:4045 REDHAT:RHSA-2019:4269 URL:https://access.redhat.com/errata/RHSA-2019:4269 REDHAT:RHSA-2019:4273 URL:https://access.redhat.com/errata/RHSA-2019:4273 REDHAT:RHSA-2019:4352 URL:https://access.redhat.com/errata/RHSA-2019:4352 REDHAT:RHSA-2020:0406 URL:https://access.redhat.com/errata/RHSA-2020:0406 REDHAT:RHSA-2020:0727 URL:https://access.redhat.com/errata/RHSA-2020:0727 SUSE:openSUSE-SU-2019:2000 URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html SUSE:openSUSE-SU-2019:2056 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html SUSE:openSUSE-SU-2019:2072 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html SUSE:openSUSE-SU-2019:2085 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html SUSE:openSUSE-SU-2019:2114 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html SUSE:openSUSE-SU-2019:2115 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html SUSE:openSUSE-SU-2019:2130 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html UBUNTU:USN-4308-1 URL:https://usn.ubuntu.com/4308-1/
Assigning CNA
CERT/CC
Date Record Created
20190301	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190301)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)