CVE-2019-9514

Name
CVE-2019-9514
Description
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://kb.cert.org/vuls/id/605641/
Third Party Advisory https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Mailing List https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
Mailing List https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
Mailing List https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
Mailing List https://seclists.org/bugtraq/2019/Aug/24
Mailing List http://seclists.org/fulldisclosure/2019/Aug/16
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_33
Mailing List https://seclists.org/bugtraq/2019/Aug/31
Third Party Advisory https://www.debian.org/security/2019/dsa-4503
Third Party Advisory https://support.f5.com/csp/article/K01988340
Mailing List http://www.openwall.com/lists/oss-security/2019/08/20/1
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0004/
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0005/
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0001/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Mailing List https://seclists.org/bugtraq/2019/Aug/43
Third Party Advisory https://www.debian.org/security/2019/dsa-4508
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2682
Third Party Advisory https://www.debian.org/security/2019/dsa-4520
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2726
Mailing List https://seclists.org/bugtraq/2019/Sep/18
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2594
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2661
Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2690
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2766
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2796
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2861
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2925
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2939
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2955
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2966
Third Party Advisory https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3131
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2769
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3245
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3265
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3892
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3906
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4018
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4020
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4019
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4021
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4040
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4042
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4041
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4045
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4269
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4273
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4352
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0406
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0727
Third Party Advisory https://usn.ubuntu.com/4308-1/
Third Party Advisory https://www.debian.org/security/2020/dsa-4669
MLIST https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status