CVE-2019-9511

Name
CVE-2019-9511
Description
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
NVD Severity
medium

References

Type URI
Third Party Advisory https://kb.cert.org/vuls/id/605641/
Third Party Advisory https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Third Party Advisory https://usn.ubuntu.com/4099-1/
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_33
Third Party Advisory https://support.f5.com/csp/article/K02591030
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
Mailing List https://seclists.org/bugtraq/2019/Aug/40
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/
Third Party Advisory https://www.debian.org/security/2019/dsa-4505
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0005/
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0002/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
Mailing List https://seclists.org/bugtraq/2019/Sep/1
Third Party Advisory https://www.debian.org/security/2019/dsa-4511
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2692
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2746
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2745
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2775
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2799
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2925
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2939
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2949
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2955
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2966
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
Third Party Advisory https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3041
Patch https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3935
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3933
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3932
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4018
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4019
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4021
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4020
Third Party Advisory https://www.debian.org/security/2020/dsa-4669
Third Party Advisory https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory https://www.oracle.com/security-alerts/cpujan2021.html

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status