CVE-2019-9512

Published: Aug 13, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Affected (10)

Products: Apple: Swiftnio · Apache: Traffic Server · Debian: Debian Linux · +1 more

Show all products

Apple: Swiftnio · Apache: Traffic Server · Debian: Debian Linux · Nodejs: Node.js

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Apple Swiftnio	From 1.0.0 to 1.4.0

Running on/with	Platform Versions
Apple Mac Os X	From 10.12
Canonical Ubuntu Linux	From 14.04

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Apache Traffic Server	From 6.0.0 to 6.2.3
Apache Traffic Server	From 7.0.0 to 7.1.6
Apache Traffic Server	From 8.0.0 to 8.0.3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Nodejs Node.js	From 10.0.0 to 10.12.0
Nodejs Node.js	From 12.0.0 to 12.8.1
Nodejs Node.js	From 8.0.0 to 8.8.1
Nodejs Node.js	From 10.13.0 to 10.16.3
Nodejs Node.js	From 8.9.0 to 8.16.1

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (130)

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

Source: cret@cert.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

Source: cret@cert.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

Source: cret@cert.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

Source: cret@cert.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Source: cret@cert.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

Source: cret@cert.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

Source: cret@cert.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/16

Source: cret@cert.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/08/20/1

Source: cret@cert.org

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:2594

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2661

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2682

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2690

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2726

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2766

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2769

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2796

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2861

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2925

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2939

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2955

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2966

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3131

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3245

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3265

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3892

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3906

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4018

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4019

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4020

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4021

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4040

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4041

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4042

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4045

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4269

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4273

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4352

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0406

Source: cret@cert.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0727

Source: cret@cert.org

Third Party Advisory

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

Source: cret@cert.org

Third Party Advisory

https://kb.cert.org/vuls/id/605641/

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://kc.mcafee.com/corporate/index?page=content&id=SB10296

Source: cret@cert.org

Third Party Advisory

https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E

Source: cret@cert.org

https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E

Source: cret@cert.org

https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E

Source: cret@cert.org

https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html

Source: cret@cert.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/

Source: cret@cert.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/

Source: cret@cert.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/

Source: cret@cert.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/

Source: cret@cert.org

https://seclists.org/bugtraq/2019/Aug/24

Source: cret@cert.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/31

Source: cret@cert.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/43

Source: cret@cert.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Sep/18

Source: cret@cert.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20190823-0001/

Source: cret@cert.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190823-0004/

Source: cret@cert.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190823-0005/

Source: cret@cert.org

Third Party Advisory

https://support.f5.com/csp/article/K98053339

Source: cret@cert.org

Third Party Advisory

https://support.f5.com/csp/article/K98053339?utm_source=f5support&amp%3Butm_medium=RSS

Source: cret@cert.org

https://usn.ubuntu.com/4308-1/

Source: cret@cert.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4503

Source: cret@cert.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4508

Source: cret@cert.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4520

Source: cret@cert.org

Third Party Advisory

https://www.synology.com/security/advisory/Synology_SA_19_33

Source: cret@cert.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html