CVE-2019-9512

HIGH

SwiftNIO 1.0.0-1.3.9 - Denial of Service via HTTP/2 Ping Flood

Title source: llm

Description

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

References (65)

Core 65

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://kb.cert.org/vuls/id/605641/

Third Party Advisory x_refsource_misc

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

View Writeup ZIP pw:eip

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Aug/24

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2019/Aug/16

Third Party Advisory x_refsource_confirm

https://www.synology.com/security/advisory/Synology_SA_19_33

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Aug/31

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4503

Third Party Advisory x_refsource_confirm

https://support.f5.com/csp/article/K98053339

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/08/20/1

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20190823-0001/

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20190823-0004/

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20190823-0005/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Aug/43

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4508

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html