CVE-2019-9515

Name
CVE-2019-9515
Description
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
NVD Severity
medium

References

Type URI
Third Party Advisory https://kb.cert.org/vuls/id/605641/
Third Party Advisory https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Third Party Advisory https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
Third Party Advisory https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
Third Party Advisory https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
Mailing List https://seclists.org/bugtraq/2019/Aug/24
Mailing List http://seclists.org/fulldisclosure/2019/Aug/16
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_33
Third Party Advisory https://support.f5.com/csp/article/K50233772
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0005/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Mailing List https://seclists.org/bugtraq/2019/Aug/43
Third Party Advisory https://www.debian.org/security/2019/dsa-4508
Third Party Advisory https://www.debian.org/security/2019/dsa-4520
Mailing List https://seclists.org/bugtraq/2019/Sep/18
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2766
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2796
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2861
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2925
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2939
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2955
Third Party Advisory https://support.f5.com/csp/article/K50233772?utm_source=f5support&utm_medium=RSS
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3892
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4018
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4019
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4021
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4020
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4041
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4040
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4042
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4045
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4352
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0727
Third Party Advisory https://usn.ubuntu.com/4308-1/

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status