CVE-2019-9513

Name
CVE-2019-9513
Description
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
NVD Severity
medium

References

Type URI
Third Party Advisory https://kb.cert.org/vuls/id/605641/
Third Party Advisory https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Third Party Advisory https://usn.ubuntu.com/4099-1/
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_33
Third Party Advisory https://support.f5.com/csp/article/K02591030
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
Mailing List https://seclists.org/bugtraq/2019/Aug/40
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/
Third Party Advisory https://www.debian.org/security/2019/dsa-4505
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0005/
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0002/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/
Mailing List https://seclists.org/bugtraq/2019/Sep/1
Third Party Advisory https://www.debian.org/security/2019/dsa-4511
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2692
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2746
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2745
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2775
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2799
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2925
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2939
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2949
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2955
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2966
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
Third Party Advisory https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3041
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3935
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3933
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3932
Third Party Advisory https://www.debian.org/security/2020/dsa-4669
Third Party Advisory https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory https://www.oracle.com/security-alerts/cpujan2021.html

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status