CVE-2019-9516

MEDIUM

SwiftNIO 1.0.0-1.3.9 - Denial of Service via HTTP/2 Header Leak

Title source: llm

Description

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

References (37)

Core 37

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://kb.cert.org/vuls/id/605641/

Third Party Advisory x_refsource_misc

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

View Writeup ZIP pw:eip

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Aug/24

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4099-1/

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2019/Aug/16

Third Party Advisory x_refsource_confirm

https://www.synology.com/security/advisory/Synology_SA_19_33

Third Party Advisory x_refsource_confirm

https://support.f5.com/csp/article/K02591030

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Aug/40

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4505

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20190823-0002/

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20190823-0005/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Third Party Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10296