CVE-2019-9512

HIGH

HTTP/2 - DoS

Title source: llm

Description

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

References (65)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2019/Aug/16

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/08/20/1

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2594

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2661

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2682

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2690

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2726

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2766

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2769

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2796

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2861

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2925

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2939

... and 45 more

Scores

CVSS v3 7.5

EPSS 0.5123

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-400

Status published

Affected Products (6)

apple/swiftnio < 1.4.0

apache/traffic_server < 6.2.3

debian/debian_linux

nodejs/node.js < 8.8.1

nodejs/node.js < 8.16.1

x/net < 0.0.0-20190813141303-74dc4d7220e7Go

Timeline

Published Aug 13, 2019

Tracked Since Feb 18, 2026