CVE-2019-9512

Name
CVE-2019-9512
Description
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://kb.cert.org/vuls/id/605641/
Third Party Advisory https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Third Party Advisory https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
Third Party Advisory https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
Third Party Advisory https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
Mailing List https://seclists.org/bugtraq/2019/Aug/24
Mailing List http://seclists.org/fulldisclosure/2019/Aug/16
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_33
Mailing List https://seclists.org/bugtraq/2019/Aug/31
Third Party Advisory https://www.debian.org/security/2019/dsa-4503
Third Party Advisory https://support.f5.com/csp/article/K98053339
Mailing List http://www.openwall.com/lists/oss-security/2019/08/20/1
CONFIRM https://security.netapp.com/advisory/ntap-20190823-0004/
CONFIRM https://security.netapp.com/advisory/ntap-20190823-0005/
CONFIRM https://security.netapp.com/advisory/ntap-20190823-0001/
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
BUGTRAQ https://seclists.org/bugtraq/2019/Aug/43
DEBIAN https://www.debian.org/security/2019/dsa-4508
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
REDHAT https://access.redhat.com/errata/RHSA-2019:2682
DEBIAN https://www.debian.org/security/2019/dsa-4520
REDHAT https://access.redhat.com/errata/RHSA-2019:2726
BUGTRAQ https://seclists.org/bugtraq/2019/Sep/18
REDHAT https://access.redhat.com/errata/RHSA-2019:2594
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
REDHAT https://access.redhat.com/errata/RHSA-2019:2661
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10296
REDHAT https://access.redhat.com/errata/RHSA-2019:2690
REDHAT https://access.redhat.com/errata/RHSA-2019:2766
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
REDHAT https://access.redhat.com/errata/RHSA-2019:2796
REDHAT https://access.redhat.com/errata/RHSA-2019:2861
REDHAT https://access.redhat.com/errata/RHSA-2019:2925
REDHAT https://access.redhat.com/errata/RHSA-2019:2939
REDHAT https://access.redhat.com/errata/RHSA-2019:2955
REDHAT https://access.redhat.com/errata/RHSA-2019:2966
CONFIRM https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS
REDHAT https://access.redhat.com/errata/RHSA-2019:3131
REDHAT https://access.redhat.com/errata/RHSA-2019:2769
REDHAT https://access.redhat.com/errata/RHSA-2019:3245
REDHAT https://access.redhat.com/errata/RHSA-2019:3265
REDHAT https://access.redhat.com/errata/RHSA-2019:3892
REDHAT https://access.redhat.com/errata/RHSA-2019:3906
REDHAT https://access.redhat.com/errata/RHSA-2019:4018
REDHAT https://access.redhat.com/errata/RHSA-2019:4020
REDHAT https://access.redhat.com/errata/RHSA-2019:4019
REDHAT https://access.redhat.com/errata/RHSA-2019:4021
REDHAT https://access.redhat.com/errata/RHSA-2019:4040
REDHAT https://access.redhat.com/errata/RHSA-2019:4042
REDHAT https://access.redhat.com/errata/RHSA-2019:4041
REDHAT https://access.redhat.com/errata/RHSA-2019:4045
REDHAT https://access.redhat.com/errata/RHSA-2019:4269
REDHAT https://access.redhat.com/errata/RHSA-2019:4273
REDHAT https://access.redhat.com/errata/RHSA-2019:4352
REDHAT https://access.redhat.com/errata/RHSA-2020:0406
REDHAT https://access.redhat.com/errata/RHSA-2020:0727
UBUNTU https://usn.ubuntu.com/4308-1/
MLIST https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
py3-twisted edge-community 19.10.0-r0 None fixed
py3-twisted 3.22-community 19.10.0-r0 None fixed
py3-twisted 3.21-community 19.10.0-r0 None fixed
py3-twisted 3.20-community 19.10.0-r0 None fixed
py3-twisted 3.19-community 19.10.0-r0 None fixed
py3-twisted 3.18-community 19.10.0-r0 None fixed
py3-twisted 3.17-community 19.10.0-r0 None fixed
nodejs edge-main 10.16.3-r0 None fixed
nodejs 3.22-main 10.16.3-r0 None fixed
nodejs 3.21-main 10.16.3-r0 None fixed
nodejs 3.20-main 10.16.3-r0 None fixed
nodejs 3.19-main 10.16.3-r0 None fixed
nodejs 3.18-main 10.16.3-r0 None fixed
nodejs 3.17-main 10.16.3-r0 None fixed
nodejs 3.12-main 10.16.3-r0 None fixed
nodejs 3.11-main 10.16.3-r0 None fixed
nodejs 3.10-main 10.16.3-r0 None fixed
k3s edge-community 0.8.1-r0 None fixed
k3s 3.22-community 0.8.1-r0 None fixed
k3s 3.21-community 0.8.1-r0 None fixed
k3s 3.20-community 0.8.1-r0 None fixed
k3s 3.19-community 0.8.1-r0 None fixed
k3s 3.18-community 0.8.1-r0 None fixed
k3s 3.17-community 0.8.1-r0 None fixed
h2o edge-community 2.2.6-r0 None fixed
h2o 3.19-community 2.2.6-r0 None fixed
h2o 3.18-community 2.2.6-r0 None fixed
h2o 3.17-community 2.2.6-r0 None fixed
go edge-community 1.12.8-r0 None fixed
go 3.22-community 1.12.8-r0 None fixed
go 3.21-community 1.12.8-r0 None fixed
go 3.20-community 1.12.8-r0 None fixed
go 3.19-community 1.12.8-r0 None fixed
go 3.18-community 1.12.8-r0 None fixed
go 3.17-community 1.12.8-r0 None fixed
containerd edge-community 1.2.9-r0 None fixed
containerd 3.22-community 1.2.9-r0 None fixed
containerd 3.21-community 1.2.9-r0 None fixed
containerd 3.20-community 1.2.9-r0 None fixed
containerd 3.19-community 1.2.9-r0 None fixed
containerd 3.18-community 1.2.9-r0 None fixed
containerd 3.17-community 1.2.9-r0 None fixed